RepoMirrors/ceph
1
0
Fork 0
mirror of https://github.com/ceph/ceph synced 2024-12-20 18:33:44 +00:00
Code Issues Packages Projects Releases Wiki Activity
dadc66a58e
ceph/systemd/ceph-mgr@.service.in
Ricardo Dias 1d7506fdce
systemd: ceph-mgr: set MemoryDenyWriteExecute to false 
Fixes: http://tracker.ceph.com/issues/39628

Signed-off-by: Ricardo Dias <rdias@suse.com>
2019-05-09 07:36:43 +01:00

35 lines
903 B
SYSTEMD
Raw Blame History

[Unit]
Description=Ceph cluster manager daemon
After=network-online.target local-fs.target time-sync.target
Wants=network-online.target local-fs.target time-sync.target
PartOf=ceph-mgr.target
[Service]
LimitNOFILE=1048576
LimitNPROC=1048576
EnvironmentFile=-@SYSTEMD_ENV_FILE@
Environment=CLUSTER=ceph
ExecStart=/usr/bin/ceph-mgr -f --cluster ${CLUSTER} --id %i --setuser ceph --setgroup ceph
ExecReload=/bin/kill -HUP $MAINPID
LockPersonality=true
# We need to disable this protection as some python libraries generate
# dynamic code, like python-cffi, and require mmap calls to succeed
MemoryDenyWriteExecute=false
NoNewPrivileges=true
PrivateDevices=yes
ProtectControlGroups=true
ProtectHome=true
ProtectKernelModules=true
ProtectKernelTunables=true
ProtectSystem=full
PrivateTmp=true
Restart=on-failure
RestartSec=10
StartLimitInterval=30min
StartLimitBurst=3
[Install]
WantedBy=ceph-mgr.target
Reference in New Issue View Git Blame Copy Permalink