Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-25177

Better indication of refusing to start because of ProtectHome

Details

    Description

      I just spent unreasonable amount of time until I learnt about existence of the `ProtectHome` setting. My use case is I needed to change the directory to home because I don't have space anywhere else on my dev environment (which I think could be common)

      I believe when mariadb refuses to start because ProtectHome=true it is not logged/displayed, not obvious to someone who doesn't know about this setting.

      Please ignore/close the issue if this is not true and I just didn't see it

      Attachments

        Issue Links

          relates to

          Bug - A problem which impairs or prevents the functions of the product. MDEV-26317 Distributed mariadb.service Systed service file prevents start with default datadir

          • Major - Major loss of function.
          • Closed

          Bug - A problem which impairs or prevents the functions of the product. MDEV-12243 upgrade to systemd can failed with different datadir in config file

          • Major - Major loss of function.
          • Open

          Activity

            Ascending order - Click to sort in descending order
            View 6 older comments
            illuusio Tuukka Pasanen added a comment - - edited

            premek Ok then Pull Request shell script should give enough information. Can you give feedback is it working? You can find script from PR.

            illuusio Tuukka Pasanen added a comment - - edited premek Ok then Pull Request shell script should give enough information. Can you give feedback is it working? You can find script from PR.
            danblack Daniel Black added a comment -

            the environment systemd provides in ExecStartPre isn't as hardened as ExecStart so some of the more practical tests need re-examining.

            danblack Daniel Black added a comment - the environment systemd provides in ExecStartPre isn't as hardened as ExecStart so some of the more practical tests need re-examining.
            premek Premek added a comment -

            Hi, thank you for looking into my issue, but I'm currently not able to test the fix, sorry

            premek Premek added a comment - Hi, thank you for looking into my issue, but I'm currently not able to test the fix, sorry
            danblack Daniel Black added a comment -

            In the testing of the PR:

            • examination of paths is faulty as Otto gave an example - could be a symlink. I don't know if bind-mounts are similar
            • ExecStartPre scripts aren't the same protected environment as ExecStart and the special execute modes don't include a protected mode.

            As datadir is the likely variable to hit this restriction, an errno=13 + systemd could result in a more verbose warning hint in the server in test_if_case_insensitive.

            secure_file_priv seems the other variable likely to be changed to a home/system location can could get the same error checks.

            premek (or anyone watching) can you think of any other variables require special testing/error handing?

            danblack Daniel Black added a comment - In the testing of the PR: examination of paths is faulty as Otto gave an example - could be a symlink. I don't know if bind-mounts are similar ExecStartPre scripts aren't the same protected environment as ExecStart and the special execute modes don't include a protected mode. As datadir is the likely variable to hit this restriction, an errno=13 + systemd could result in a more verbose warning hint in the server in test_if_case_insensitive . secure_file_priv seems the other variable likely to be changed to a home/system location can could get the same error checks. premek (or anyone watching) can you think of any other variables require special testing/error handing?
            danblack Daniel Black added a comment -

            Acceptable? https://github.com/MariaDB/server/pull/2743

            danblack Daniel Black added a comment - Acceptable? https://github.com/MariaDB/server/pull/2743

            People

              danblack Daniel Black
              premek Premek
              Votes:
              0 Vote for this issue
              Watchers:
              9 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Git Integration

                  Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.