systemd: Set PrivateDevices=false in ceph-mon@.service

The `ceph-mon` daemon needs access to block devices to check the health of the
disk that backs its DB store (#24151).

Fixes: https://tracker.ceph.com/issues/52416
Signed-off-by: Benoît Knecht <bknecht@protonmail.ch>
Benoît Knecht 2021-12-06 09:29:43 +01:00
parent c05a3b769d
commit 96de1c9760

@ -20,7 +20,10 @@ LockPersonality=true
MemoryDenyWriteExecute=true
# Need NewPrivileges via `sudo smartctl`
NoNewPrivileges=false
PrivateDevices=yes
# We need access to block devices to check the health of the disk backing the
# monitor DB store. It can be set to `true` if you're not interested in that
# feature.
PrivateDevices=false
PrivateTmp=true
ProtectControlGroups=true
ProtectHome=true
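
Review bot: `PrivateDevices=false` at the end of the added lines turns off the private `/dev` for every ceph-mon instance, even though the new comment describes the disk health check as a feature some operators are "not interested in". Together with `NoNewPrivileges=false` just above (kept for `sudo smartctl`), the unit now sees the host's device nodes and also has a path to elevated privileges. Consider narrowing what is reachable with `DevicePolicy=` and `DeviceAllow=` limited to block devices, provided the smartctl check still works under that policy. Otherwise, extend the comment to say that operators who do not need the check should restore `PrivateDevices=true` through a drop-in override rather than by editing the shipped unit. Minor style point: the removed line used `yes` and the new comment says `true`; both are accepted, but one spelling throughout the file reads better.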