mirror of
https://github.com/MariaDB/server.git
synced 2025-02-22 13:23:07 +01:00
8a1904d782
CapabilityBoundingSet included CAP_IPC_LOCK in MDEV-9095, however it requires that the executable has the capability marked in extended attributes also. The alternate to this is raising the RLIMIT_MEMLOCK for the service/ process to be able to complete the mlockall system call. This needs to be adjusted to whatever the MariaDB server was going to allocate. Rather than leave the non-obvious mapping of settings and tuning, add the capability so its easier for the user. We set the capability, if possible, but may never be used depending on user settings. As such in the Debian postinst script, don't complain if this fails. The CAP_IPC_LOCK also facilitates the mmaping of huge memory pages. (see man mmap), like mariadb uses with --large-pages. |
||
|---|---|---|
| .. | ||
| README | ||
| usr.sbin.mysqld | ||
| usr.sbin.mysqld.local | ||
Note: The included AppArmor profiles can be used for MariaDB Galera cluster. However, since these profiles had been tested for a limited set of scenarios, it is highly recommended to run them in "complain" mode and report any denials on mariadb.org/jira.