From: "Brian Evans" <grknight@gentoo.org>
To: gentoo-commits@lists.gentoo.org
Subject: [gentoo-commits] repo/gentoo:master commit in: dev-db/mysql-init-scripts/files/
Date: Mon, 12 Sep 2016 14:37:43 +0000 (UTC) [thread overview]
Message-ID: <1473691045.5e67d8c604f6e080816f0e532be8fef5f666e29d.grknight@gentoo> (raw)
commit: 5e67d8c604f6e080816f0e532be8fef5f666e29d
Author: Brian Evans <grknight <AT> gentoo <DOT> org>
AuthorDate: Mon Sep 12 14:22:25 2016 +0000
Commit: Brian Evans <grknight <AT> gentoo <DOT> org>
CommitDate: Mon Sep 12 14:37:25 2016 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=5e67d8c6
dev-db/mysql-init-scripts: Comment out a systemd option NoNewPrivileges=true
Upstream bug https://jira.mariadb.org/browse/MDEV-10404 mentions that SELinux
currently does not handle this change properly.
Comment it out for now with a note
No revbump for this file as most users are unaffected
Package-Manager: portage-2.3.0
dev-db/mysql-init-scripts/files/mysqld-v2.service | 4 +++-
dev-db/mysql-init-scripts/files/mysqld_at-v2.service | 4 +++-
2 files changed, 6 insertions(+), 2 deletions(-)
diff --git a/dev-db/mysql-init-scripts/files/mysqld-v2.service b/dev-db/mysql-init-scripts/files/mysqld-v2.service
index 056b413..641abf7 100644
--- a/dev-db/mysql-init-scripts/files/mysqld-v2.service
+++ b/dev-db/mysql-init-scripts/files/mysqld-v2.service
@@ -32,7 +32,9 @@ CapabilityBoundingSet=CAP_IPC_LOCK
# Prevent writes to /usr, /boot, and /etc
ProtectSystem=full
-NoNewPrivileges=true
+# Currently has issues with SELinux https://jira.mariadb.org/browse/MDEV-10404
+# This is safe to uncomment when not using SELinux
+#NoNewPrivileges=true
PrivateDevices=true
diff --git a/dev-db/mysql-init-scripts/files/mysqld_at-v2.service b/dev-db/mysql-init-scripts/files/mysqld_at-v2.service
index 770a2e8..26964ea 100644
--- a/dev-db/mysql-init-scripts/files/mysqld_at-v2.service
+++ b/dev-db/mysql-init-scripts/files/mysqld_at-v2.service
@@ -30,7 +30,9 @@ CapabilityBoundingSet=CAP_IPC_LOCK
# Prevent writes to /usr, /boot, and /etc
ProtectSystem=full
-NoNewPrivileges=true
+# Currently has issues with SELinux https://jira.mariadb.org/browse/MDEV-10404
+# This is safe to uncomment when not using SELinux
+#NoNewPrivileges=true
PrivateDevices=true
next reply other threads:[~2016-09-12 14:37 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-09-12 14:37 Brian Evans [this message]
-- strict thread matches above, loose matches on Subject: below --
2017-07-24 14:04 [gentoo-commits] repo/gentoo:master commit in: dev-db/mysql-init-scripts/files/ Brian Evans
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1473691045.5e67d8c604f6e080816f0e532be8fef5f666e29d.grknight@gentoo \
--to=grknight@gentoo.org \
--cc=gentoo-commits@lists.gentoo.org \
--cc=gentoo-dev@lists.gentoo.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox