From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by finch.gentoo.org (Postfix) with ESMTPS id 70FD913832E for ; Wed, 20 Jul 2016 16:34:28 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 9F80121C060; Wed, 20 Jul 2016 16:34:27 +0000 (UTC) Received: from smtp.gentoo.org (smtp.gentoo.org [140.211.166.183]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id 387AC21C060 for ; Wed, 20 Jul 2016 16:34:27 +0000 (UTC) Received: from oystercatcher.gentoo.org (oystercatcher.gentoo.org [148.251.78.52]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.gentoo.org (Postfix) with ESMTPS id EC8E9340D78 for ; Wed, 20 Jul 2016 16:34:25 +0000 (UTC) Received: from localhost.localdomain (localhost [127.0.0.1]) by oystercatcher.gentoo.org (Postfix) with ESMTP id 3CA957CE for ; Wed, 20 Jul 2016 16:34:23 +0000 (UTC) From: "Brian Evans" To: gentoo-commits@lists.gentoo.org Content-Transfer-Encoding: 8bit Content-type: text/plain; charset=UTF-8 Reply-To: gentoo-dev@lists.gentoo.org, "Brian Evans" Message-ID: <1469032455.b85142cdd9623c78c904dbb99c258ebf2424c32c.grknight@gentoo> Subject: [gentoo-commits] repo/gentoo:master commit in: dev-db/mysql-init-scripts/files/, dev-db/mysql-init-scripts/ X-VCS-Repository: repo/gentoo X-VCS-Files: dev-db/mysql-init-scripts/files/mysqld-v2.service dev-db/mysql-init-scripts/files/mysqld_at-v2.service dev-db/mysql-init-scripts/mysql-init-scripts-2.1-r1.ebuild dev-db/mysql-init-scripts/mysql-init-scripts-2.1.ebuild X-VCS-Directories: dev-db/mysql-init-scripts/ dev-db/mysql-init-scripts/files/ X-VCS-Committer: grknight X-VCS-Committer-Name: Brian Evans X-VCS-Revision: b85142cdd9623c78c904dbb99c258ebf2424c32c X-VCS-Branch: master Date: Wed, 20 Jul 2016 16:34:23 +0000 (UTC) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-commits@lists.gentoo.org X-Archives-Salt: 63d8e655-3eb0-4a03-9f30-d8bba08f703c X-Archives-Hash: 29a9eddf241b005ad635f26d3405a689 commit: b85142cdd9623c78c904dbb99c258ebf2424c32c Author: Brian Evans gentoo org> AuthorDate: Wed Jul 20 16:34:15 2016 +0000 Commit: Brian Evans gentoo org> CommitDate: Wed Jul 20 16:34:15 2016 +0000 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b85142cd dev-db/mysql-init-scripts: Revbump for bug 587416 Package-Manager: portage-2.3.0 dev-db/mysql-init-scripts/files/mysqld-v2.service | 20 +++++++++++++++++++- .../mysql-init-scripts/files/mysqld_at-v2.service | 21 +++++++++++++++++++-- ...-2.1.ebuild => mysql-init-scripts-2.1-r1.ebuild} | 0 3 files changed, 38 insertions(+), 3 deletions(-) diff --git a/dev-db/mysql-init-scripts/files/mysqld-v2.service b/dev-db/mysql-init-scripts/files/mysqld-v2.service index 12f7731..056b413 100644 --- a/dev-db/mysql-init-scripts/files/mysqld-v2.service +++ b/dev-db/mysql-init-scripts/files/mysqld-v2.service @@ -18,10 +18,28 @@ ExecStartPost=/usr/libexec/mysqld-wait-ready $MAINPID TimeoutSec=300 # We rely on systemd, not mysqld_safe, to restart mysqld if it dies -Restart=always +# Restart crashed server only, on-failure would also restart, for example, when +# my.cnf contains unknown option +Restart=on-abort +RestartSec=5s # Place temp files in a secure directory, not /tmp PrivateTmp=true +# To allow memlock to be used as non-root user if set in configuration +CapabilityBoundingSet=CAP_IPC_LOCK + +# Prevent writes to /usr, /boot, and /etc +ProtectSystem=full + +NoNewPrivileges=true + +PrivateDevices=true + +# Prevent accessing /home, /root and /run/user +ProtectHome=true + +UMask=007 + [Install] WantedBy=multi-user.target diff --git a/dev-db/mysql-init-scripts/files/mysqld_at-v2.service b/dev-db/mysql-init-scripts/files/mysqld_at-v2.service index 4c6a8ca..770a2e8 100644 --- a/dev-db/mysql-init-scripts/files/mysqld_at-v2.service +++ b/dev-db/mysql-init-scripts/files/mysqld_at-v2.service @@ -16,11 +16,28 @@ ExecStartPost=/usr/libexec/mysqld-wait-ready $MAINPID # Give a reasonable amount of time for the server to start up/shut down TimeoutSec=300 -# We rely on systemd, not mysqld_safe, to restart mysqld if it dies -Restart=always +# Restart crashed server only, on-failure would also restart, for example, when +# my.cnf contains unknown option +Restart=on-abort +RestartSec=5s # Place temp files in a secure directory, not /tmp PrivateTmp=true +# To allow memlock to be used as non-root user if set in configuration +CapabilityBoundingSet=CAP_IPC_LOCK + +# Prevent writes to /usr, /boot, and /etc +ProtectSystem=full + +NoNewPrivileges=true + +PrivateDevices=true + +# Prevent accessing /home, /root and /run/user +ProtectHome=true + +UMask=007 + [Install] WantedBy=multi-user.target diff --git a/dev-db/mysql-init-scripts/mysql-init-scripts-2.1.ebuild b/dev-db/mysql-init-scripts/mysql-init-scripts-2.1-r1.ebuild similarity index 100% rename from dev-db/mysql-init-scripts/mysql-init-scripts-2.1.ebuild rename to dev-db/mysql-init-scripts/mysql-init-scripts-2.1-r1.ebuild