author | Tuukka Pasanen <tuukka.pasanen@ilmi.fi> | 2021-11-16 12:53:51 +0200 |
---|---|---|
committer | Daniel Black <daniel@mariadb.org> | 2022-01-07 17:51:20 +1100 |
commit | 25f598f54feb71d0752e851147495f2fabf12b7b (patch) | |
tree | 3c712a8756e8a8337973dffe6179714d66e387fe /support-files | |
parent | 80da35a3267724804c6ced03a27e00d9551b3e01 (diff) | |
download | mariadb-git-25f598f54feb71d0752e851147495f2fabf12b7b.tar.gz |
MDEV-26317: Add SYSTEMD_READWRITEPATH variable to mariadb.service.in-file
Add SYSTEMD_READWRITEPATH-variable to mariadb{@,}.service.in to make sure that
if one is not building RPM or DEB packages, a ReadWritePaths directive is
defined in the systemd service file.
This ensures that a tar-ball installation has permission to write to the database's
default installation path (default: /usr/local/mysql/data) even if it's located
under /usr. Writing to that location is prevented by the 'ProtectSystem=full'
systemd directive by default.
Prefixing the path with "-" in systemd causes there to not be an error if the
path doesn't exist. This may occur if the user has configured a datadir
elsewhere.
Reviewer: Daniel Black
Diffstat (limited to 'support-files')
-rw-r--r-- | support-files/mariadb.service.in | 2 | ||||
-rw-r--r-- | support-files/mariadb@.service.in | 2 |
2 files changed, 4 insertions, 0 deletions
diff --git a/support-files/mariadb.service.in b/support-files/mariadb.service.in index fa445250a10..8b50e42ec94 100644 --- a/support-files/mariadb.service.in +++ b/support-files/mariadb.service.in @@ -55,6 +55,8 @@ CapabilityBoundingSet=CAP_IPC_LOCK # Prevent writes to /usr, /boot, and /etc ProtectSystem=full +@SYSTEMD_READWRITEPATH@ + # Doesn't yet work properly with SELinux enabled # NoNewPrivileges=true diff --git a/support-files/mariadb@.service.in b/support-files/mariadb@.service.in index 3f1765f4572..c14b7d2e611 100644 --- a/support-files/mariadb@.service.in +++ b/support-files/mariadb@.service.in @@ -63,6 +63,8 @@ CapabilityBoundingSet=CAP_IPC_LOCK # Prevent writes to /usr, /boot, and /etc ProtectSystem=full +@SYSTEMD_READWRITEPATH@ + # Doesn't yet work properly with SELinux enabled # NoNewPrivileges=true |
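Review bot: In support-files/mariadb.service.in the new `@SYSTEMD_READWRITEPATH@` line sits directly under `ProtectSystem=full` with no comment, so someone reading the template cannot tell what it expands to, or that it can expand to nothing when RPM or DEB packages are built. The existing comment "# Prevent writes to /usr, /boot, and /etc" is also no longer the whole story, since the substituted ReadWritePaths directive carves an exception out of it. Suggest a one-line comment above the placeholder saying that the build substitutes a ReadWritePaths entry for the default datadir, that the path is prefixed with "-" so a missing directory is not an error, and that the line may be empty.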
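Review bot: In support-files/mariadb@.service.in the hunk at line 63 reuses the same build-time `@SYSTEMD_READWRITEPATH@` placeholder as the single-instance unit, so every instance started from this template gets the one path fixed at build time (the default datadir, per the commit message). If an instance keeps its data in a different directory under /usr, `ProtectSystem=full` still blocks writes there and nothing in the template says so. Suggest a comment next to the placeholder stating that it covers the default datadir only and that any other location under /usr needs its own ReadWritePaths entry in a drop-in for that instance.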