Details
- Bug
- Status: Closed
- Blocker
- Resolution: Fixed
- 10.11.11, 10.5
- RHEL8, AlmaLinux8, Ubuntu 20.04, RockyLinux 8
Description
As evident in RHEL8 (but not 9), the systemd service fails to start.
```
Apr 13 20:26:57 bb-hz-arm-bbw2-rhel-8-aarch64 systemd[1]: mariadb.service: Main process exited, code=exited, status=218/CAPABILITIES
```
Still applies if the SELinux permission is fixed (MDEV-24941):
```
[root@citest-1 audit]# semanage fcontext -a -t mysqld_exec_t /usr/sbin/mariadbd
[root@citest-1 audit]# restorecon -Rv /usr/sbin/mariadbd
Relabeled /usr/sbin/mariadbd from system_u:object_r:bin_t:s0 to system_u:object_r:mysqld_exec_t:s0
[root@citest-1 audit]# ls -laZ /usr/sbin/mariadbd
-rwxr-xr-x. 1 root root system_u:object_r:mysqld_exec_t:s0 27041608 Apr 13 08:18 /usr/sbin/mariadbd
[root@citest-1 audit]# systemctl start mariadb.service
Job for mariadb.service failed because the control process exited with error code.
See "systemctl status mariadb.service" and "journalctl -xe" for details.
[root@citest-1 audit]# systemctl status mariadb.service
● mariadb.service - MariaDB 10.11.12 database server
Loaded: loaded (/usr/lib/systemd/system/mariadb.service; disabled; vendor preset: disabled)
Drop-In: /etc/systemd/system/mariadb.service.d
└─migrated-from-my.cnf-settings.conf
Active: failed (Result: exit-code) since Mon 2025-04-14 00:29:58 EDT; 8s ago
Docs: man:mariadbd(8)
https://mariadb.com/kb/en/library/systemd/
Process: 13743 ExecStart=/usr/sbin/mariadbd $MYSQLD_OPTS $_WSREP_NEW_CLUSTER $_WSREP_START_POSITION (code=exited, status=218/CAPABILITIES)
Process: 13733 ExecStartPre=/bin/sh -c [ ! -e /usr/bin/galera_recovery ] && VAR= || VAR=`/usr/bin/galera_recovery`; [ $? -eq 0 ] && systemctl set-environment _WSREP>
Process: 13731 ExecStartPre=/bin/sh -c systemctl unset-environment _WSREP_START_POSITION (code=exited, status=0/SUCCESS)
Main PID: 13743 (code=exited, status=218/CAPABILITIES)
```

```
[root@citest-1 yum.repos.d]# journalctl -xe
--
-- Unit man-db-cache-update.service has finished starting up.
--
-- The start-up result is done.
Apr 14 00:22:59 citest-1 systemd[1]: run-rae9d4d18cb3c456a9ecc082b5094fe15.service: Succeeded.
-- Subject: Unit succeeded
-- Defined-By: systemd
-- Support: https://access.redhat.com/support
--
-- The unit run-rae9d4d18cb3c456a9ecc082b5094fe15.service has successfully entered the 'dead' state.
Apr 14 00:23:17 citest-1 systemd[1]: Starting MariaDB 10.11.12 database server...
-- Subject: Unit mariadb.service has begun start-up
-- Defined-By: systemd
-- Support: https://access.redhat.com/support
--
-- Unit mariadb.service has begun starting up.
Apr 14 00:23:17 citest-1 systemd[13680]: mariadb.service: Failed to apply ambient capabilities (before UID change): Operation not permitted
Apr 14 00:23:17 citest-1 systemd[13680]: mariadb.service: Failed at step CAPABILITIES spawning /usr/sbin/mariadbd: Operation not permitted
-- Subject: Process /usr/sbin/mariadbd could not be executed
-- Defined-By: systemd
-- Support: https://access.redhat.com/support
--
-- The process /usr/sbin/mariadbd could not be executed and failed.
--
-- The error number returned by this process is 1.
Apr 14 00:23:17 citest-1 systemd[1]: mariadb.service: Main process exited, code=exited, status=218/CAPABILITIES
Apr 14 00:23:17 citest-1 systemd[1]: mariadb.service: Failed with result 'exit-code'.
-- Subject: Unit failed
-- Defined-By: systemd
-- Support: https://access.redhat.com/support
```
Not AlmaLinux, RockyLinux, RHEL version 9 or Ubuntu 22.04.
```
[root@citest-1 audit]# capsh --print
Current: =ep
Bounding set =cap_chown,cap_dac_override,cap_dac_read_search,cap_fowner,cap_fsetid,cap_kill,cap_setgid,cap_setuid,cap_setpcap,cap_linux_immutable,cap_net_bind_service,cap_net_broadcast,cap_net_admin,cap_net_raw,cap_ipc_lock,cap_ipc_owner,cap_sys_module,cap_sys_rawio,cap_sys_chroot,cap_sys_ptrace,cap_sys_pacct,cap_sys_admin,cap_sys_boot,cap_sys_nice,cap_sys_resource,cap_sys_time,cap_sys_tty_config,cap_mknod,cap_lease,cap_audit_write,cap_audit_control,cap_setfcap,cap_mac_override,cap_mac_admin,cap_syslog,cap_wake_alarm,cap_block_suspend,cap_audit_read,cap_perfmon,cap_bpf,cap_checkpoint_restore
Ambient set =
Current IAB:
Securebits: 00/0x0/1'b0 (no-new-privs=0)
secure-noroot: no (unlocked)
secure-no-suid-fixup: no (unlocked)
secure-keep-caps: no (unlocked)
secure-no-ambient-raise: no (unlocked)
uid=0(root) euid=0(root)
gid=0(root)
groups=0(root)
Guessed mode: UNCERTAIN (0)
```
Issue Links
- blocks
  - MDBF-847 Add Centos Stream 10 as a CI builder (Closed)
- is caused by
  - MDEV-36229 MariaDB effectively running as root CAP_DAC_OVERRIDE (Closed)