Details
- Type: Bug
- Status: Closed
- Priority: Major
- Resolution: Fixed
- Affects Version/s: 10.1.14
- Fix Version/s: 10.1.16
- Component/s: Scripts & Clients
- Environment: systemd, Gentoo
- Sprint: 1.0.2
Description
It would be nice to use more of systemd's hardening features:
ProtectSystem=full
NoNewPrivileges=true
PrivateDevices=true
ProtectHome=true
I tested these settings and didn't experience any problems in my (admittedly limited) setup. I think they should be fine for anyone except for exceptional and odd situations. For the (very rare) impacted user, they can always override the systemd service - but a secure configuration should be the default.
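Added example, not part of the original report and not MariaDB's own code: a Python check that reads a unit's [Service] settings, lists which of the four proposed directives are not in effect, and flags configured writable paths (such as a custom datadir or tmpdir) that ProtectSystem= or ProtectHome= would block. The unit text, the paths and the function names are constructed for illustration; the directory lists follow systemd.exec(5), and only the two path-based directives are checked for conflicts.

```python
from pathlib import PurePosixPath

# Constructed sample: the four directives from the description, with
# ProtectHome switched off again the way a local override might do it.
SAMPLE_UNIT = """\
[Service]
ProtectSystem=full
NoNewPrivileges=true
PrivateDevices=true
ProtectHome=true
ProtectHome=false
"""
PROPOSED = ("ProtectSystem", "NoNewPrivileges", "PrivateDevices", "ProtectHome")
OFF = {"", "0", "no", "false", "off"}  # systemd spellings of boolean false
ON = {"1", "yes", "true", "on"}        # systemd spellings of boolean true
# Trees mounted read-only by each ProtectSystem= mode (per systemd.exec(5)).
SYSTEM_TREES = {"true": ("/usr", "/boot"), "full": ("/usr", "/boot", "/etc"),
                "strict": ("/",)}
# Trees hidden or made read-only by any enabled ProtectHome= mode.
HOME_TREES = ("/home", "/root", "/run/user")

def parse_service(text):
    """Return [Service] settings as a dict; the last assignment of a key wins."""
    section, opts = None, {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
        elif section == "Service" and "=" in line:
            key, value = line.split("=", 1)
            value = value.strip().lower()  # normalised for this check only
            opts[key.strip()] = "true" if value in ON else value
    return opts

def not_enabled(opts):
    """Proposed directives that are absent or set to a false value."""
    return [d for d in PROPOSED if opts.get(d, "") in OFF]

def _inside(path, roots):
    p = PurePosixPath(path)
    return any(PurePosixPath(r) in (p, *p.parents) for r in roots)

def conflicts(opts, writable_paths):
    """(path, directive) pairs where the sandbox blocks a path mysqld must write."""
    found = []
    for path in writable_paths:
        if _inside(path, SYSTEM_TREES.get(opts.get("ProtectSystem", ""), ())):
            found.append((path, "ProtectSystem"))
        if opts.get("ProtectHome", "") not in OFF and _inside(path, HOME_TREES):
            found.append((path, "ProtectHome"))
    return found
```

Feeding it the merged unit text together with the datadir and tmpdir from the server configuration shows, before a restart, whether a local override is needed and which directive it has to relax.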
Issue Links
causes
- MDEV-10399 custom tmpdir permission denied only in 10.1.16 (Closed)
- MDEV-10404 Improved systemd service hardening causes SELinux problems (Closed)
- MDEV-10405 mysql.sock gets created with different SELinux context (Closed)
- MDEV-10519 MariaDB fails to start after upgrade from 10.1.14 - 10.1.16 (InnoDB Encryption) (Closed)
- MDEV-13207 PrivateDevices breaks systemd service on Debian 8.8 (Closed)
- MDEV-13896 Upgraded to 10.2.8 on Centos 7.4 ibdata error (Closed)
- MDEV-26317 Distributed mariadb.service Systed service file prevents start with default datadir (Closed)