From: Ricardo Dias <rdias@suse.com>
Date: Wed, 8 May 2019 13:57:07 +0000 (+0100)
Subject: systemd: ceph-mgr: set MemoryDenyWriteExecute to false
X-Git-Tag: v14.2.2~186^2
X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=5f990ef95291794e2919a9cf855b52f506a1b235;p=ceph.git

systemd: ceph-mgr: set MemoryDenyWriteExecute to false

Fixes: http://tracker.ceph.com/issues/39628

Signed-off-by: Ricardo Dias <rdias@suse.com>
(cherry picked from commit 1d7506fdce4924fb30bbabc65e26dafa06aab24f)
---

diff --git a/systemd/ceph-mgr@.service.in b/systemd/ceph-mgr@.service.in
index f850471534949..c98f6378b9725 100644
--- a/systemd/ceph-mgr@.service.in
+++ b/systemd/ceph-mgr@.service.in
@@ -12,7 +12,11 @@ Environment=CLUSTER=ceph
 ExecStart=/usr/bin/ceph-mgr -f --cluster ${CLUSTER} --id %i --setuser ceph --setgroup ceph
 ExecReload=/bin/kill -HUP $MAINPID
 LockPersonality=true
-MemoryDenyWriteExecute=true
+
+# We need to disable this protection as some python libraries generate
+# dynamic code, like python-cffi, and require mmap calls to succeed
+MemoryDenyWriteExecute=false
+
 NoNewPrivileges=true
 PrivateDevices=yes
 ProtectControlGroups=true