mirror of
https://github.com/gentoo-mirror/gentoo.git
synced 2025-12-21 21:17:37 -08:00
5e67d8c604
Upstream bug https://jira.mariadb.org/browse/MDEV-10404 mentions that SELinux currently does not handle this change properly. Comment it out for now with a note No revbump for this file as most users are unaffected Package-Manager: portage-2.3.0
46 lines
1.1 KiB
Desktop File
46 lines
1.1 KiB
Desktop File
[Unit]
|
|
Description=MySQL database server
|
|
ConditionPathExists=/etc/mysql/my%I.cnf
|
|
After=network.target
|
|
|
|
[Service]
|
|
Type=simple
|
|
User=mysql
|
|
Group=mysql
|
|
|
|
# Note: we set --basedir to prevent probes that might trigger SELinux alarms,
|
|
# https://bugzilla.redhat.com/show_bug.cgi?id=547485
|
|
ExecStart=/usr/sbin/mysqld --defaults-file=/etc/mysql/my%I.cnf --basedir=/usr
|
|
ExecStartPost=/usr/libexec/mysqld-wait-ready $MAINPID
|
|
|
|
# Give a reasonable amount of time for the server to start up/shut down
|
|
TimeoutSec=300
|
|
|
|
# Restart crashed server only, on-failure would also restart, for example, when
|
|
# my.cnf contains unknown option
|
|
Restart=on-abort
|
|
RestartSec=5s
|
|
|
|
# Place temp files in a secure directory, not /tmp
|
|
PrivateTmp=true
|
|
|
|
# To allow memlock to be used as non-root user if set in configuration
|
|
CapabilityBoundingSet=CAP_IPC_LOCK
|
|
|
|
# Prevent writes to /usr, /boot, and /etc
|
|
ProtectSystem=full
|
|
|
|
# Currently has issues with SELinux https://jira.mariadb.org/browse/MDEV-10404
|
|
# This is safe to uncomment when not using SELinux
|
|
#NoNewPrivileges=true
|
|
|
|
PrivateDevices=true
|
|
|
|
# Prevent accessing /home, /root and /run/user
|
|
ProtectHome=true
|
|
|
|
UMask=007
|
|
|
|
[Install]
|
|
WantedBy=multi-user.target
|