mirror of
https://github.com/ceph/ceph
synced 2024-12-31 16:12:42 +00:00
systemd: Set PrivateDevices=false in ceph-mon@.service
The `ceph-mon` daemon needs access to block devices to check the health of the disk that backs its DB store (#24151). Fixes: https://tracker.ceph.com/issues/52416 Signed-off-by: Benoît Knecht <bknecht@protonmail.ch>
This commit is contained in:
parent
c05a3b769d
commit
96de1c9760
@ -20,7 +20,10 @@ LockPersonality=true
|
||||
MemoryDenyWriteExecute=true
|
||||
# Need NewPrivileges via `sudo smartctl`
|
||||
NoNewPrivileges=false
|
||||
PrivateDevices=yes
|
||||
# We need access to block devices to check the health of the disk backing the
|
||||
# monitor DB store. It can be set to `true` if you're not interested in that
|
||||
# feature.
|
||||
PrivateDevices=false
|
||||
PrivateTmp=true
|
||||
ProtectControlGroups=true
|
||||
ProtectHome=true
|
||||
|
Loading…
Reference in New Issue
Block a user