---
issues:
  - |
    MemcacheD sets `PrivateDevices=true` in its systemd unit file to
    add extra security around mount namespaces. While this is useful
    when running MemcacheD on a bare metal host with other services, it
    is less useful when MemcacheD is already in a container with its own
    namespaces. In addition, LXC 2.0.8 presents `/dev/ptmx` as a bind mount
    within the container and systemd 219 (on CentOS 7) cannot make an
    additional bind mount of `/dev/ptmx` when `PrivateDevices` is enabled.

    Deployers can `memcached_disable_privatedevices` to `yes` to set
    `PrivateDevices=false` in the systemd unit file for MariaDB on CentOS 7.
    The default is `no`, which keeps the default systemd unit file settings
    from the MemcacheD package.

    For additional information, refer to the following bugs:

    * https://bugs.launchpad.net/openstack-ansible/+bug/1697531
    * https://github.com/lxc/lxc/issues/1623
    * https://github.com/systemd/systemd/issues/6121