MDEV-10404 - Improved systemd service hardening causes SELinux problems

Disabled NoNewPrivileges until SELinux policy is fixed.
author: Sergey Vojtovich <svoj@mariadb.org> 2016-08-17 13:57:34 +0400
committer: Sergey Vojtovich <svoj@mariadb.org> 2016-08-17 13:59:00 +0400
commit: 1e160e5cb387900df8c47e87b9378c6e7df05777 (patch)
tree: 006539119ed9f2d83d2e93b7265e9fb67a77bca1 /support-files
parent: 48fbb2bf07515425edaf511ac2e17a575ae37713 (diff)
download: mariadb-git-1e160e5cb387900df8c47e87b9378c6e7df05777.tar.gz
2 files changed, 4 insertions, 2 deletions
diff --git a/support-files/mariadb.service.in b/support-files/mariadb.service.in
index 879c4d90a6c..6b8b2ba0ba3 100644
--- a/support-files/mariadb.service.in
+++ b/support-files/mariadb.service.in
@@ -48,7 +48,8 @@ CapabilityBoundingSet=CAP_IPC_LOCK
 # Prevent writes to /usr, /boot, and /etc
 ProtectSystem=full
 
-NoNewPrivileges=true
+# Doesn't yet work properly with SELinux enabled
+# NoNewPrivileges=true
 
 PrivateDevices=true
 
diff --git a/support-files/mariadb@.service.in b/support-files/mariadb@.service.in
index b7ac3b808bf..965e85260e4 100644
--- a/support-files/mariadb@.service.in
+++ b/support-files/mariadb@.service.in
@@ -55,7 +55,8 @@ CapabilityBoundingSet=CAP_IPC_LOCK
 # Prevent writes to /usr, /boot, and /etc
 ProtectSystem=full
 
-NoNewPrivileges=true
+# Doesn't yet work properly with SELinux enabled
+# NoNewPrivileges=true
 
 PrivateDevices=true
author	Sergey Vojtovich <svoj@mariadb.org>	2016-08-17 13:57:34 +0400
committer	Sergey Vojtovich <svoj@mariadb.org>	2016-08-17 13:59:00 +0400
commit	1e160e5cb387900df8c47e87b9378c6e7df05777 (patch)
tree	006539119ed9f2d83d2e93b7265e9fb67a77bca1 /support-files
parent	48fbb2bf07515425edaf511ac2e17a575ae37713 (diff)
download	mariadb-git-1e160e5cb387900df8c47e87b9378c6e7df05777.tar.gz