projects / gentoo.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 337c125)
dev-db/mysql-init-scripts: Comment out a systemd option NoNewPrivileges=true
authorBrian Evans <grknight@gentoo.org>
Mon, 12 Sep 2016 14:22:25 +0000 (10:22 -0400)
committerBrian Evans <grknight@gentoo.org>
Mon, 12 Sep 2016 14:37:25 +0000 (10:37 -0400)
Upstream bug https://jira.mariadb.org/browse/MDEV-10404 mentions that SELinux
currently does not handle this change properly.

Comment it out for now with a note

No revbump for this file as most users are unaffected

Package-Manager: portage-2.3.0

dev-db/mysql-init-scripts/files/mysqld-v2.service patch | blob | history
dev-db/mysql-init-scripts/files/mysqld_at-v2.service patch | blob | history

diff --git a/dev-db/mysql-init-scripts/files/mysqld-v2.service b/dev-db/mysql-init-scripts/files/mysqld-v2.service
index 056b4137dabca3c1444dc9f1ae1aab4721654123..641abf733098d7551c1c7a466e14669603ed3b7e 100644 (file)
--- a/dev-db/mysql-init-scripts/files/mysqld-v2.service
+++ b/dev-db/mysql-init-scripts/files/mysqld-v2.service
@@ -32,7 +32,9 @@ CapabilityBoundingSet=CAP_IPC_LOCK
 # Prevent writes to /usr, /boot, and /etc
 ProtectSystem=full
 
-NoNewPrivileges=true
+# Currently has issues with SELinux https://jira.mariadb.org/browse/MDEV-10404
+# This is safe to uncomment when not using SELinux
+#NoNewPrivileges=true
 
 PrivateDevices=true
 
diff --git a/dev-db/mysql-init-scripts/files/mysqld_at-v2.service b/dev-db/mysql-init-scripts/files/mysqld_at-v2.service
index 770a2e8d4ddeccda00a1b4fdb57597902f65d231..26964ea8a7680d87c0d5aa243a4a53562a567a6a 100644 (file)
--- a/dev-db/mysql-init-scripts/files/mysqld_at-v2.service
+++ b/dev-db/mysql-init-scripts/files/mysqld_at-v2.service
@@ -30,7 +30,9 @@ CapabilityBoundingSet=CAP_IPC_LOCK
 # Prevent writes to /usr, /boot, and /etc
 ProtectSystem=full
 
-NoNewPrivileges=true
+# Currently has issues with SELinux https://jira.mariadb.org/browse/MDEV-10404
+# This is safe to uncomment when not using SELinux
+#NoNewPrivileges=true
 
 PrivateDevices=true
 
Unnamed repository; edit this file 'description' to name the repository.