From f1388dc2c211c68e2c0b8e89fde86c1bc205c45a Mon Sep 17 00:00:00 2001
From: John McEleney
Date: Wed, 19 Apr 2017 10:12:04 +0100
Subject: [PATCH] Apparmor on Ubuntu Xenial will not permit containers to mount devices, even with CAP SYS_ADMIN.
---
 roles/ceph-osd/templates/ceph-osd-run.sh.j2 | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/roles/ceph-osd/templates/ceph-osd-run.sh.j2 b/roles/ceph-osd/templates/ceph-osd-run.sh.j2
index 8ddd5fff7..bf5ee9b38 100644
--- a/roles/ceph-osd/templates/ceph-osd-run.sh.j2
+++ b/roles/ceph-osd/templates/ceph-osd-run.sh.j2
@@ -24,6 +24,9 @@ fi
 --rm \
 --net=host \
 --cap-add SYS_ADMIN \
+ {% if ansible_distribution == 'Ubuntu' -%}
+ --security-opt apparmor:unconfined \
+ {% endif -%}
 --pid=host \
 {% if not osd_containerized_deployment_with_kv -%}
 -v /var/lib/ceph:/var/lib/ceph \
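Review bot: The added `--security-opt apparmor:unconfined` removes AppArmor confinement completely from a container that already runs with `--cap-add SYS_ADMIN`, `--net=host` and `--pid=host`, and the `ansible_distribution == 'Ubuntu'` test applies it to every Ubuntu release although the commit message names only Xenial. Since the commit message names mounting as the only blocked operation, a dedicated profile that allows `mount` and is loaded on the host would keep the rest of the confinement, selected with `--security-opt apparmor:<profile-name>` (placeholder name). If unconfined has to stay, the condition could at least follow the reported AppArmor state, for example `{% if ansible_apparmor is defined and ansible_apparmor.status == 'enabled' -%}`, so hosts without AppArmor render the command unchanged. The `docker run` command starts and ends outside the hunk.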