mariadb

mirror of https://github.com/MariaDB/server.git synced 2025-10-28 01:16:31 +01:00

History

Daniel Black 76a27155b4 MDEV-33301 memlock with systemd still not working .. even with MDEV-9095 fix CapabilityBounding sets require filesystem setcap attributes for the executable to gain privileges during execution. A side effect of this however is the getauxvec(AT_SECURE) gets set, and the secure_getenv from OpenSSL internals on OPENSSL_CONF environment variable will get ignored (openssl gh issue 21770). According to capabilities(7), Ambient capabilities don't trigger ld.so triggering the secure execution mode. Include SELinux and Apparmor capabilities for ipc_lock	2024-03-27 13:36:31 +11:00
..
apparmor	MDEV-33301 memlock with systemd still not working	2024-03-27 13:36:31 +11:00
selinux	MDEV-33301 memlock with systemd still not working	2024-03-27 13:36:31 +11:00

Daniel Black 76a27155b4 MDEV-33301 memlock with systemd still not working

.. even with MDEV-9095 fix

CapabilityBounding sets require filesystem setcap attributes
for the executable to gain privileges during execution.

A side effect of this however is the getauxvec(AT_SECURE) gets
set, and the secure_getenv from OpenSSL internals on
OPENSSL_CONF environment variable will get ignored (openssl gh issue
21770).

According to capabilities(7), Ambient capabilities don't trigger
ld.so triggering the secure execution mode.

Include SELinux and Apparmor capabilities for ipc_lock

2024-03-27 13:36:31 +11:00

apparmor

MDEV-33301 memlock with systemd still not working

2024-03-27 13:36:31 +11:00

selinux

MDEV-33301 memlock with systemd still not working

2024-03-27 13:36:31 +11:00