Dan Mick <dmick@xxxxxxxxxx> wrote on Thu, Aug 23, 2018 at 10:58 AM:
>
> On 08/21/2018 02:05 AM, Ning Yao wrote:
> > Hi, all
> >
> > Does anyone know why we need to add "PrivateTmp=true" in
> > ceph-osd@xxxxxxxxxxx? I find that, in the old version of
> > docker (1.13), we encounter the problem as described in
> > http://blog.oddbit.com/2015/01/18/docker-vs-privatetmp/, and
> > therefore some containers run into DEAD state when we delete those
> > containers.
> >
> > So I would like to know whether "PrivateTmp=true" is really meaningful in
> > ceph-osd@.service, and is it possible to remove it?
> >
> > Regards
> > Ning Yao
> >
>
> AFAIK "PrivateTmp" is never *necessary*, but it does provide a level of
> security isolation that apparently someone found desirable.
>
> Can you not use the solution published in that blog?
>

We solve it by setting fs.may_detach_mounts = 1 on CentOS 7.5 and hope it does not occur again.

> --
> Dan Mick
> Red Hat, Inc.
> Ceph docs: http://ceph.com/docs