git.apps.os.sepia.ceph.com Git - ceph-ansible.git/commitdiff
nfs: do not run privileged nfs container
author Guillaume Abrioux <gabrioux@redhat.com>
Thu, 21 Nov 2019 15:28:42 +0000 (16:28 +0100)
committer Guillaume Abrioux <gabrioux@redhat.com>
Fri, 22 Nov 2019 04:11:41 +0000 (05:11 +0100)
At the moment, we bind-mount the dbus socket from the host, which requires
running the container with --privileged.
Since we now run a dedicated dbus daemon inside the same container, we
can stop running privileged nfs-ganesha containers.

Related ceph-container PR : ceph/ceph-container#1517

Closes: https://bugzilla.redhat.com/show_bug.cgi?id=1725254
Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com>
roles/ceph-nfs/templates/ceph-nfs.service.j2

index 459689ef88b32e79a95a85b1a8742549c9f18414..3f64ce058bb1ab08d60857efe1b6470daeb62706 100644 (file)
@@ -18,10 +18,6 @@ ExecStart=/usr/bin/{{ container_binary }} run --rm --net=host \
   -v /etc/ganesha:/etc/ganesha:z \
   -v /var/run/ceph:/var/run/ceph:z \
   -v /var/log/ceph:/var/log/ceph:z \
-  {% if ceph_nfs_dynamic_exports %}
-  --privileged \
-  -v /var/run/dbus/system_bus_socket:/var/run/dbus/system_bus_socket \
-  {% endif -%}
   -v /etc/localtime:/etc/localtime:ro \
   -e CLUSTER={{ cluster }} \
   -e CEPH_DAEMON=NFS \
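
Review bot: the removed `{% if ceph_nfs_dynamic_exports %}` block was the only place in this hunk where the host dbus socket was passed in, so with it gone dynamic exports depend entirely on the image starting its own dbus daemon (the ceph/ceph-container#1517 change named in the commit message), and nothing in the template enforces that. Suggest stating the minimum container image that carries the in-container dbus daemon in the role documentation, or failing early when `ceph_nfs_dynamic_exports` is set against an older image, so an upgrade of ceph-ansible alone does not silently break export updates. Dropping `--privileged` is the right direction; note for anyone assessing the remaining exposure that the unit still runs the container with `--net=host` and read-write bind mounts of `/etc/ganesha`, `/var/run/ceph` and `/var/log/ceph`.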