mirror of
https://github.com/MariaDB/server.git
synced 2025-01-29 02:05:57 +01:00
8a1904d782
CapabilityBoundingSet included CAP_IPC_LOCK in MDEV-9095, however it requires that the executable has the capability marked in extended attributes also. The alternate to this is raising the RLIMIT_MEMLOCK for the service/ process to be able to complete the mlockall system call. This needs to be adjusted to whatever the MariaDB server was going to allocate. Rather than leave the non-obvious mapping of settings and tuning, add the capability so its easier for the user. We set the capability, if possible, but may never be used depending on user settings. As such in the Debian postinst script, don't complain if this fails. The CAP_IPC_LOCK also facilitates the mmaping of huge memory pages. (see man mmap), like mariadb uses with --large-pages.
26 lines
584 B
Bash
26 lines
584 B
Bash
#!/bin/sh
|
|
|
|
set -e
|
|
|
|
# inspired by iputils-ping
|
|
#
|
|
# cap_ipc_lock is required if a user wants to use --memlock
|
|
# and has insufficient RLIMIT_MEMLOCK (MDEV-33301)
|
|
|
|
PROGRAM=$(dpkg-divert --truename /usr/sbin/mysqld)
|
|
|
|
if [ "$1" = configure ]; then
|
|
# If we have setcap installed, try setting
|
|
# which allows us to install our binaries without the setuid
|
|
# bit.
|
|
if command -v setcap > /dev/null; then
|
|
if ! setcap cap_ipc_lock+ep "$PROGRAM"; then
|
|
echo "Setcap failed on $PROGRAM, required with --memlock if insufficent RLIMIT_MEMLOCK" >&2
|
|
fi
|
|
fi
|
|
fi
|
|
|
|
|
|
#DEBHELPER#
|
|
|
|
exit 0
|