Details
- Bug
- Status: Closed
- Major
- Resolution: Won't Fix
- 10.1.20
- Debian 8 x64
Description
When configuring a chroot environment, with 'chroot = /srv/chroot-mariadb' in my.cnf:
# service mariadb start
Fails with error "[ERROR] chroot: Operation not permitted" in syslog.
But if I start the daemon manually:
$ /usr/sbin/mysqld
OK, server started and chrooted
And if I create a false init.d script, just to create a new systemd service:
$ cp /etc/init.d/mysql /etc/init.d/mysql-test
$ chmod 755 /etc/init.d/mysql-test
$ systemctl daemon-reload
$ service mysql-test start
OK, server started and chrooted
To reproduce the chroot environment:
(sources from http://orokon.com/chrooting-mysql-and-mariadb.html and http://www.cgsecurity.org/Articles/mysql.html)
service mariadb stop
CHROOT=/srv/chroot-mariadb
mkdir -p $CHROOT/{usr/share,tmp,lib,etc,var/lib,var/run/mysqld,var/log/mysql}
cd $CHROOT
chmod 1777 tmp
grep 'mysql:' /etc/passwd > etc/passwd
mv /var/lib/mysql var/lib/
cp -a /usr/share/mysql $CHROOT/usr/share/
chown mysql:mysql $CHROOT/{tmp,var/lib/mysql,var/run/mysqld,var/log/mysql}
ln -s $CHROOT/var/lib/mysql/ /var/lib/mysql
mv /var/run/mysqld var/run
ln -s $CHROOT/var/run/mysqld/ /var/run/mysqld

# Copy the libraries mysqld links against, plus the NSS modules, into the chroot.
# The two lists are joined with a newline so that the last ldd line and the
# first find result are read as separate entries.
librairies="$(ldd "$(which mysqld)")"$'\n'"$(find /{lib,usr/lib} -name 'libnss*')"
regex="^/(.+)/.+$"
while read -r adr1 arrow adr2 foo; do
    # "name => /path (addr)" lines carry the path in field 3, bare paths in field 1
    [ -z "$adr2" ] && f=$adr1 || f=$adr2
    if [[ $f =~ $regex ]]; then
        # Recreate the library's directory relative to $CHROOT (the current directory)
        folder="${BASH_REMATCH[1]}"
        [ ! -d "$folder" ] && mkdir -p "$folder"
        cp "$f" "$folder/"
    fi
done < <(echo -e "$librairies")

echo -e "[client]
socket = $CHROOT/var/run/mysqld/mysqld.sock
[mysqld]
chroot = $CHROOT" >> /etc/mysql/conf.d/chroot.cnf
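chroot(2) returns EPERM ("Operation not permitted") when the calling process lacks CAP_SYS_CHROOT, so comparing the capability sets of mysqld in each start mode is one way to narrow down the difference reported above. The script below is an added example, not part of the original report or of MariaDB; the function names and the sample masks are constructed for illustration, and it assumes the Linux /proc/<pid>/status format.

```shell
#!/bin/sh
# Added diagnostic example (not from the report): does a process hold
# CAP_SYS_CHROOT in its permitted, effective and bounding sets?
CAP_SYS_CHROOT_BIT=18   # value of CAP_SYS_CHROOT in linux/capability.h

# cap_mask FIELD STATUS_FILE: print the hex mask of FIELD (CapPrm, CapEff, CapBnd)
cap_mask() {
    awk -v f="$1:" '$1 == f { print $2 }' "$2"
}

# has_sys_chroot FIELD STATUS_FILE: 0 if the bit is set, 1 if not, 2 if FIELD is missing
has_sys_chroot() {
    hsc_mask=$(cap_mask "$1" "$2")
    [ -n "$hsc_mask" ] || return 2
    [ $(( (0x$hsc_mask >> CAP_SYS_CHROOT_BIT) & 1 )) -eq 1 ]
}

# report STATUS_FILE: one line per capability set
report() {
    for rp_field in CapPrm CapEff CapBnd; do
        if has_sys_chroot "$rp_field" "$1"; then
            echo "$rp_field: CAP_SYS_CHROOT present"
        else
            echo "$rp_field: CAP_SYS_CHROOT absent"
        fi
    done
}

# sample_status MASK: constructed status excerpt with MASK in every set,
# used to try the functions without a running mysqld
sample_status() {
    printf 'Name:\tmysqld\nCapInh:\t0000000000000000\n'
    printf 'CapPrm:\t%s\nCapEff:\t%s\nCapBnd:\t%s\n' "$1" "$1" "$1"
}

# Usage: sh capcheck.sh <pid-of-mysqld>   (file name is hypothetical)
if [ $# -gt 0 ]; then
    report "/proc/$1/status"
fi
```

Run it against the mysqld PID while the server is still starting, once under `service mariadb start` and once when started manually, and compare the three lines.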