Control: tags -1 moreinfo
Jeremy, please follow up on your bug report or we won't be able to help you.
On Tue, Aug 3, 2021 at 1:39 PM Daniel Black <dan...@mariadb.org> wrote:
>
> Jeremy,
>
> You are correct in that this is due to one of the hardening directives
> in the service file Protect{Home,System} or PrivateDevices that is
> trying to be applied before the kernel/system has completed the
> underlying mounts on which they depend.
>
> Without these hardening directives, and without
> PermissionsStartOnly=true and all of the ExecStartPre= directives the
> system is pretty secure as the mysqld/mariadbd process is run under
> the non-privileged mysql user which ordinary cannot perform the
> restricted items. Being a tiny VM I'm assuming this is the only
> services there.
>
> systemd-analyze dump (hint from
> https://freedesktop.org/wiki/Software/systemd/Debugging/#reportingsystemdbugs-
> Information to Attach to a Bug Report) may include some timing
> information of services to verify. The logs since boot `journalctl -b`
> might give enough information to see what ordering is happening at
> boot.
>
> kernel argument systemd.log_level=debug will include more information
> in the mariadb.service journal `journalctl -u mariadb.service
> --priority=7` such that the specific mount/system call might be able
> to be identified. systemd.log_level=debug will probably make the
> journalctl -b too verbose to read
