Apparmor on Ubuntu Xenial will not permit containers to mount devices, even with...

author John McEleney <john.mceleney@netservers.co.uk>

Wed, 19 Apr 2017 09:12:04 +0000 (10:12 +0100)

committer John McEleney <john.mceleney@netservers.co.uk>

Wed, 19 Apr 2017 18:22:02 +0000 (19:22 +0100)
author John McEleney <john.mceleney@netservers.co.uk>
Wed, 19 Apr 2017 09:12:04 +0000 (10:12 +0100)
committer John McEleney <john.mceleney@netservers.co.uk>
Wed, 19 Apr 2017 18:22:02 +0000 (19:22 +0100)
diff --git a/roles/ceph-osd/templates/ceph-osd-run.sh.j2 b/roles/ceph-osd/templates/ceph-osd-run.sh.j2

index 8ddd5fff78ad8ad2102d65474ab580ce893a58df..bf5ee9b38b09a6b9959775e8016af6d8ee393d17 100644 (file)
--- a/roles/ceph-osd/templates/ceph-osd-run.sh.j2
+++ b/roles/ceph-osd/templates/ceph-osd-run.sh.j2
@@ -24,6 +24,9 @@ fi
    --rm \
    --net=host \
    --cap-add SYS_ADMIN \
+  {% if ansible_distribution == 'Ubuntu' -%}
+  --security-opt apparmor:unconfined \
+  {% endif -%}
    --pid=host \
    {% if not osd_containerized_deployment_with_kv -%}
    -v /var/lib/ceph:/var/lib/ceph \
author	John McEleney <john.mceleney@netservers.co.uk>
	Wed, 19 Apr 2017 09:12:04 +0000 (10:12 +0100)
committer	John McEleney <john.mceleney@netservers.co.uk>
	Wed, 19 Apr 2017 18:22:02 +0000 (19:22 +0100)