systemd: Set PrivateDevices=false in [email protected]

The `ceph-mon` daemon needs access to block devices to check the health of the disk that backs its DB store (ceph#24151). Fixes: https://tracker.ceph.com/issues/52416 Signed-off-by: Benoît Knecht <[email protected]>
senax · Jan 4, 2022 · 96de1c9 · 96de1c9
1 parent c05a3b7
commit 96de1c9
Showing 1 changed file with 4 additions and 1 deletion.
diff --git a/systemd/[email protected] b/systemd/[email protected]
@@ -20,7 +20,10 @@ LockPersonality=true
 MemoryDenyWriteExecute=true
 # Need NewPrivileges via `sudo smartctl`
 NoNewPrivileges=false
-PrivateDevices=yes
+# We need access to block devices to check the health of the disk backing the
+# monitor DB store. It can be set to `true` if you're not interested in that
+# feature.
+PrivateDevices=false
 PrivateTmp=true
 ProtectControlGroups=true
 ProtectHome=true