mariadb/support-files/policy/apparmor
Daniel Black 76a27155b4 MDEV-33301 memlock with systemd still not working
.. even with MDEV-9095 fix

CapabilityBounding sets require filesystem setcap attributes
for the executable to gain privileges during execution.

A side effect of this however is the getauxvec(AT_SECURE) gets
set, and the secure_getenv from OpenSSL internals on
OPENSSL_CONF environment variable will get ignored (openssl gh issue
21770).

According to capabilities(7), Ambient capabilities don't trigger
ld.so triggering the secure execution mode.

Include SELinux and AppArmor capabilities for ipc_lock
2024-03-27 13:36:31 +11:00
| File | Last commit | Date |
|------|-------------|------|
| README | package new SELinux/AppArmor policies instead of old ones | 2015-09-04 10:32:02 +02:00 |
| usr.sbin.mysqld | MDEV-33301 memlock with systemd still not working | 2024-03-27 13:36:31 +11:00 |
| usr.sbin.mysqld.local | package new SELinux/AppArmor policies instead of old ones | 2015-09-04 10:32:02 +02:00 |

Note: The included AppArmor profiles can be used for MariaDB Galera cluster.
However, since these profiles have been tested only for a limited set of
scenarios, it is highly recommended to run them in "complain" mode and report
any denials on mariadb.org/jira.