mirror/mariadb
1
0
Fork 0
mirror of https://github.com/MariaDB/server.git synced 2025-10-31 19:06:14 +01:00
Code Issues Projects Releases Packages Wiki Activity
mariadb/support-files/policy/apparmor
History
Exact
Daniel Black 76a27155b4 MDEV-33301 memlock with systemd still not working 
.. even with MDEV-9095 fix

CapabilityBounding sets require filesystem setcap attributes
for the executable to gain privileges during execution.

A side effect of this however is the getauxvec(AT_SECURE) gets
set, and the secure_getenv from OpenSSL internals on
OPENSSL_CONF environment variable will get ignored (openssl gh issue
21770).

According to capabilities(7), Ambient capabilities don't trigger
ld.so triggering the secure execution mode.

Include SELinux and Apparmor capabilities for ipc_lock
2024-03-27 13:36:31 +11:00
..
README package new SELinux/AppArmor policies instead of old ones 2015-09-04 10:32:02 +02:00
usr.sbin.mysqld MDEV-33301 memlock with systemd still not working 2024-03-27 13:36:31 +11:00
usr.sbin.mysqld.local package new SELinux/AppArmor policies instead of old ones 2015-09-04 10:32:02 +02:00

README 

Note: The included AppArmor profiles can be used for MariaDB Galera cluster.
However, since these profiles had been tested for a limited set of scenarios,
it is highly recommended to run them in "complain" mode and report any denials
on mariadb.org/jira.