Merge pull request #28023 from rjfd/wip-fix-ceph-mgr-systemd

systemd: ceph-mgr: set MemoryDenyWriteExecute to false Reviewed-by: Patrick Donnelly <pdonnell@redhat.com> Reviewed-by: Lenz Grimmer <lgrimmer@suse.com> Reviewed-by: Kefu Chai <kchai@redhat.com> Reviewed-by: Sebastian Wagner <swagner@suse.com>
2025-04-01 14:51:13 +00:00 · 2019-05-17 15:57:28 +02:00 · 2019-05-17 15:57:28 +02:00 · f27af32e4a
commit f27af32e4a
parent 7a8dda859b 1d7506fdce
1 changed files with 5 additions and 1 deletions
--- a/systemd/ceph-mgr@.service.in
+++ b/systemd/ceph-mgr@.service.in
@ -12,7 +12,11 @@ Environment=CLUSTER=ceph
 ExecStart=/usr/bin/ceph-mgr -f --cluster ${CLUSTER} --id %i --setuser ceph --setgroup ceph
 ExecReload=/bin/kill -HUP $MAINPID
 LockPersonality=true
-MemoryDenyWriteExecute=true
+
+# We need to disable this protection as some python libraries generate
+# dynamic code, like python-cffi, and require mmap calls to succeed
+MemoryDenyWriteExecute=false
+
 NoNewPrivileges=true
 PrivateDevices=yes
 ProtectControlGroups=true