mirror of
https://github.com/ceph/ceph
synced 2024-12-26 05:25:09 +00:00
b65d9c5457
This change makes it so the mon/osd/mds/radosgw daemons: o Cannot write to /usr, /etc, and /boot. o Cannot access /home, /root, or /run/user. o Each daemon gets its own private /tmp and /var/tmp. o All daemons get a private /dev without physical devices (exception: osd) I'm not sure if the osd daemon needs access to a full /dev so I left ProtectDevices out for ceph-osd@.service. Signed-off-by: Patrick Donnelly <batrick@batbytes.com>
21 lines
503 B
Desktop File
21 lines
503 B
Desktop File
[Unit]
|
|
Description=Ceph metadata server daemon
|
|
After=network-online.target local-fs.target
|
|
Wants=network-online.target local-fs.target
|
|
PartOf=ceph-mds.target
|
|
|
|
[Service]
|
|
LimitNOFILE=1048576
|
|
LimitNPROC=1048576
|
|
EnvironmentFile=-/etc/sysconfig/ceph
|
|
Environment=CLUSTER=ceph
|
|
ExecStart=/usr/bin/ceph-mds -f --cluster ${CLUSTER} --id %i --setuser ceph --setgroup ceph
|
|
ExecReload=/bin/kill -HUP $MAINPID
|
|
PrivateDevices=yes
|
|
ProtectHome=true
|
|
ProtectSystem=full
|
|
PrivateTmp=true
|
|
|
|
[Install]
|
|
WantedBy=ceph-mds.target
|