MDEV-19210: do not run pre and post scripts as root

Now that we do not pollute systemd's environment but write private
environment files, running these as root is no longer required. So
let's drop `PermissionsStartOnly=true`.

Debian adds extra `ExecStartPre=` and `ExecStartPost=`, though.
Use special executable prefix for full privileges there. (See
systemd.service(5) for details.)
Christian Hesse 2023-08-09 02:18:36 +02:00 committed by Andrew Hutchings
parent 4c56c66372
commit aeffec60f6
2 changed files with 2 additions and 5 deletions


@ -50,8 +50,8 @@ MACRO(CHECK_SYSTEMD)
SET(SYSTEMD_SCRIPTS ${SYSTEMD_SCRIPTS} galera_new_cluster galera_recovery)
ENDIF()
IF(DEB)
SET(SYSTEMD_EXECSTARTPRE "ExecStartPre=/usr/bin/install -m 755 -o mysql -g root -d /var/run/mysqld")
SET(SYSTEMD_EXECSTARTPOST "ExecStartPost=/etc/mysql/debian-start")
SET(SYSTEMD_EXECSTARTPRE "ExecStartPre=+/usr/bin/install -m 755 -o mysql -g root -d /var/run/mysqld")
SET(SYSTEMD_EXECSTARTPOST "ExecStartPost=+/etc/mysql/debian-start")
ENDIF()
IF(URING_FOUND)
SET(SYSTEMD_LIMIT "# For liburing and io_uring_setup()
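Review bot: The `+` prefix on the two Debian `SET(...)` lines lifts more than `User=`: per systemd.service(5), a `+`-prefixed command also runs without the unit's other privilege and file-system restrictions, so `/etc/mysql/debian-start` executes as unrestricted root on every start. If that script only needs root credentials, the narrower `!` prefix (which alters only User=/Group=/SupplementaryGroups=) looks sufficient and would keep the sandboxing in force; this should be confirmed against what debian-start actually does. Either way a comment above the two lines would help, e.g. `# "+" = run with full privileges: the unit no longer sets PermissionsStartOnly=true, and these Debian hooks need root`. CHECK_SYSTEMD starts before and continues after this hunk.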


@ -68,9 +68,6 @@ ProtectSystem=full
# Prevent accessing /home, /root and /run/user
ProtectHome=true
# Execute pre and post scripts as root, otherwise it does it as User=
PermissionsStartOnly=true
# Use an environment file to pass variable _WSREP_NEW_CLUSTER
EnvironmentFile=-@mysqlunixdir@/wsrep-new-cluster