authorOleksandr Byelkin <sanja@mariadb.com>2022-02-04 14:50:25 +0100
committerOleksandr Byelkin <sanja@mariadb.com>2022-02-04 14:50:25 +0100
commit4fb2cb1a30fc188682ae4dbda2f975213e5c3adf (patch)
tree522b2dc8096cc37ace66686de36b486b73a352f5 /support-files
parentc0f5fd27549c84607defa64c5b651343dd29e0ee (diff)
parent9ed8deb656d9378fc9c1c7fb12c15674b6323ab0 (diff)
downloadmariadb-git-4fb2cb1a30fc188682ae4dbda2f975213e5c3adf.tar.gz
Merge branch '10.7' into 10.8
Diffstat (limited to 'support-files')
-rw-r--r--support-files/CMakeLists.txt3
-rw-r--r--support-files/mariadb.service.in2
-rw-r--r--support-files/mariadb@.service.in2
-rw-r--r--support-files/mysql-log-rotate.sh1
-rw-r--r--support-files/policy/selinux/mariadb-server.te1
5 files changed, 8 insertions, 1 deletions
diff --git a/support-files/CMakeLists.txt b/support-files/CMakeLists.txt
index 09b8e545179..9623440f110 100644
--- a/support-files/CMakeLists.txt
+++ b/support-files/CMakeLists.txt
@@ -29,6 +29,7 @@ ELSE()
SET(CFLAGS ${CMAKE_C_FLAGS})
SET(CXXFLAGS ${CMAKE_CXX_FLAGS})
SET(MYSQLD_USER "mysql")
+ SET(MYSQLD_GROUP "mysql")
SET(ini_file_extension "cnf")
SET(HOSTNAME "uname -n")
ENDIF()
@@ -79,7 +80,7 @@ IF(UNIX AND NOT WITHOUT_SERVER)
INSTALL(FILES ${out} DESTINATION ${inst_location}/policy/selinux COMPONENT SupportFiles)
ENDFOREACH()
IF(RPM)
- EXECUTE_PROCESS(COMMAND rpm -q --qf "%{VERSION}" libsepol
+ EXECUTE_PROCESS(COMMAND rpm -q --qf "%{VERSION}" libsepol."${CMAKE_SYSTEM_PROCESSOR}"
OUTPUT_VARIABLE LIBSEPOL_VERSION RESULT_VARIABLE err)
IF (NOT err)
SET(CPACK_RPM_server_PACKAGE_REQUIRES
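Review bot: The new package argument `libsepol."${CMAKE_SYSTEM_PROCESSOR}"` is an unquoted CMake argument with double quotes in the middle, and as far as I read the CMake language rules those quotes are kept as part of the value, so rpm may be asked for a name containing literal quote characters; writing it as `"libsepol.${CMAKE_SYSTEM_PROCESSOR}"` removes the doubt. `CMAKE_SYSTEM_PROCESSOR` is also not guaranteed to match the RPM architecture of the installed libsepol (32-bit userland on a 64-bit kernel, cross builds). In both cases `err` is non-zero and the `IF (NOT err)` branch is skipped silently, so the server package would be built without its libsepol version requirement even though it installs an SELinux policy module; a `MESSAGE(WARNING ...)` in an `ELSE()` branch would make that visible at configure time. The IF(RPM) block continues past the end of the hunk.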
diff --git a/support-files/mariadb.service.in b/support-files/mariadb.service.in
index ae3ef3cb7db..c9f78870619 100644
--- a/support-files/mariadb.service.in
+++ b/support-files/mariadb.service.in
@@ -60,6 +60,8 @@ PrivateDevices=false
# Prevent writes to /usr, /boot, and /etc
ProtectSystem=full
+@SYSTEMD_READWRITEPATH@
+
# Doesn't yet work properly with SELinux enabled
# NoNewPrivileges=true
diff --git a/support-files/mariadb@.service.in b/support-files/mariadb@.service.in
index 3e62ae906e2..1160bf62167 100644
--- a/support-files/mariadb@.service.in
+++ b/support-files/mariadb@.service.in
@@ -190,6 +190,8 @@ PrivateDevices=false
# Prevent writes to /usr, /boot, and /etc
ProtectSystem=full
+@SYSTEMD_READWRITEPATH@
+
# Requires kernel 4.14 or later and SELinux transition rule for mysqld_t
# (https://github.com/systemd/systemd/issues/3845)
# NoNewPrivileges=true
diff --git a/support-files/mysql-log-rotate.sh b/support-files/mysql-log-rotate.sh
index 37ae018c1d1..c89aa6e0b99 100644
--- a/support-files/mysql-log-rotate.sh
+++ b/support-files/mysql-log-rotate.sh
@@ -20,6 +20,7 @@
@localstatedir@/mysqld.log {
# create 600 mysql mysql
+ su mysql mysql
notifempty
daily
rotate 3
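Review bot: The added `su mysql mysql` hard-codes the account, while the CMakeLists.txt hunk of this same commit defines `MYSQLD_GROUP` next to `MYSQLD_USER`, and this template already takes `@localstatedir@` from the build. If the file is configured with those variables (not visible here), `su @MYSQLD_USER@ @MYSQLD_GROUP@` would keep the rotation identity in step with the account the server actually runs as. With a different service account, logrotate would otherwise switch to a user that does not own the log directory and rotation would fail or leave files with the wrong owner. The commented `# create 600 mysql mysql` line above has the same hard-coded names.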
diff --git a/support-files/policy/selinux/mariadb-server.te b/support-files/policy/selinux/mariadb-server.te
index 71924012283..851f8add61c 100644
--- a/support-files/policy/selinux/mariadb-server.te
+++ b/support-files/policy/selinux/mariadb-server.te
@@ -77,6 +77,7 @@ allow mysqld_t user_tmp_t:dir { write add_name };
allow mysqld_t user_tmp_t:file create;
allow mysqld_t bin_t:lnk_file read;
allow mysqld_t tmp_t:file { append create read write open getattr unlink setattr };
+allow mysqld_t usermodehelper_t:file { read open };
# Allows too much leeway - the mariabackup/wsrep rules in fc should fix it, but
# keep for the moment.
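Review bot: The new `allow mysqld_t usermodehelper_t:file { read open };` rule has no comment saying which file the server needs to read, and `usermodehelper_t` labels kernel helper settings that a database server does not obviously touch. If the purpose is reading `/proc/sys/kernel/core_pattern` for crash reporting (my assumption, to be confirmed), a line such as `# mysqld reads /proc/sys/kernel/core_pattern to report it on crash` directly above the rule would let a later policy audit judge whether the grant is still needed. The grant itself is narrow (read and open only), which is worth keeping that way.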