From 1d7506fdce4924fb30bbabc65e26dafa06aab24f Mon Sep 17 00:00:00 2001
From: Ricardo Dias <rdias@suse.com>
Date: Wed, 8 May 2019 14:57:07 +0100
Subject: [PATCH] systemd: ceph-mgr: set MemoryDenyWriteExecute to false

Fixes: http://tracker.ceph.com/issues/39628

Signed-off-by: Ricardo Dias <rdias@suse.com>
---
 systemd/ceph-mgr@.service.in | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/systemd/ceph-mgr@.service.in b/systemd/ceph-mgr@.service.in
index f85047153494..c98f6378b972 100644
--- a/systemd/ceph-mgr@.service.in
+++ b/systemd/ceph-mgr@.service.in
@@ -12,7 +12,11 @@ Environment=CLUSTER=ceph
 ExecStart=/usr/bin/ceph-mgr -f --cluster ${CLUSTER} --id %i --setuser ceph --setgroup ceph
 ExecReload=/bin/kill -HUP $MAINPID
 LockPersonality=true
-MemoryDenyWriteExecute=true
+
+# We need to disable this protection as some python libraries generate
+# dynamic code, like python-cffi, and require mmap calls to succeed
+MemoryDenyWriteExecute=false
+
 NoNewPrivileges=true
 PrivateDevices=yes
 ProtectControlGroups=true
-- 
2.47.3