openstack-ansible/releasenotes/notes/centos-private-devices-issue-0088e6f8c70a601f.yaml
Andy McCrae 009a37ee4b Fix SHAs for Pike milestone-3
For Pike Milestone 3 we need to fix the SHA's before we release.

Change-Id: I471a426442cf6913b21eb21b7e50138557bd6cfd
2017-07-25 21:59:47 +00:00

22 lines
1002 B
YAML

---
issues:
- |
MemcacheD sets `PrivateDevices=true` in its systemd unit file to
add extra security around mount namespaces. While this is useful
when running MemcacheD on a bare metal host with other services, it
is less useful when MemcacheD is already in a container with its own
namespaces. In addition, LXC 2.0.8 presents `/dev/ptmx` as a bind mount
within the container and systemd 219 (on CentOS 7) cannot make an
additional bind mount of `/dev/ptmx` when `PrivateDevices` is enabled.
Deployers can `memcached_disable_privatedevices` to `yes` to set
`PrivateDevices=false` in the systemd unit file for MariaDB on CentOS 7.
The default is `no`, which keeps the default systemd unit file settings
from the MemcacheD package.
For additional information, refer to the following bugs:
* https://bugs.launchpad.net/openstack-ansible/+bug/1697531
* https://github.com/lxc/lxc/issues/1623
* https://github.com/systemd/systemd/issues/6121