commit:     b85142cdd9623c78c904dbb99c258ebf2424c32c
Author:     Brian Evans <grknight <AT> gentoo <DOT> org>
AuthorDate: Wed Jul 20 16:34:15 2016 +0000
Commit:     Brian Evans <grknight <AT> gentoo <DOT> org>
CommitDate: Wed Jul 20 16:34:15 2016 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b85142cd

dev-db/mysql-init-scripts: Revbump for bug 587416

Package-Manager: portage-2.3.0

 dev-db/mysql-init-scripts/files/mysqld-v2.service   | 20 +++++++++++++++++++-
 .../mysql-init-scripts/files/mysqld_at-v2.service   | 21 +++++++++++++++++++--
 ...-2.1.ebuild => mysql-init-scripts-2.1-r1.ebuild} |  0
 3 files changed, 38 insertions(+), 3 deletions(-)

diff --git a/dev-db/mysql-init-scripts/files/mysqld-v2.service 
b/dev-db/mysql-init-scripts/files/mysqld-v2.service
index 12f7731..056b413 100644
--- a/dev-db/mysql-init-scripts/files/mysqld-v2.service
+++ b/dev-db/mysql-init-scripts/files/mysqld-v2.service
@@ -18,10 +18,28 @@ ExecStartPost=/usr/libexec/mysqld-wait-ready $MAINPID
 TimeoutSec=300
 
 # We rely on systemd, not mysqld_safe, to restart mysqld if it dies
-Restart=always
+# Restart crashed server only, on-failure would also restart, for example, when
+# my.cnf contains unknown option
+Restart=on-abort
+RestartSec=5s
 
 # Place temp files in a secure directory, not /tmp
 PrivateTmp=true
 
+# To allow memlock to be used as non-root user if set in configuration
+CapabilityBoundingSet=CAP_IPC_LOCK
+
+# Prevent writes to /usr, /boot, and /etc
+ProtectSystem=full
+
+NoNewPrivileges=true
+
+PrivateDevices=true
+
+# Prevent accessing /home, /root and /run/user
+ProtectHome=true
+
+UMask=007
+
 [Install]
 WantedBy=multi-user.target
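Review bot: The comment above `CapabilityBoundingSet=CAP_IPC_LOCK` says the line allows memlock for a non-root user, but a bounding set only limits which capabilities the service can ever hold; it grants none. If the unit runs mysqld under a non-root `User=` (not visible in this hunk), memlock would presumably still need `LimitMEMLOCK=` raised or `AmbientCapabilities=CAP_IPC_LOCK`. I would reword the comment to `# Drop every capability except CAP_IPC_LOCK, kept so memlock can work if configured`. If the service instead starts as root and mysqld drops privileges itself, this bounding set also removes CAP_SETUID and CAP_SETGID, so that start path should be tested. The same lines appear in the mysqld_at-v2.service hunk.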

diff --git a/dev-db/mysql-init-scripts/files/mysqld_at-v2.service 
b/dev-db/mysql-init-scripts/files/mysqld_at-v2.service
index 4c6a8ca..770a2e8 100644
--- a/dev-db/mysql-init-scripts/files/mysqld_at-v2.service
+++ b/dev-db/mysql-init-scripts/files/mysqld_at-v2.service
@@ -16,11 +16,28 @@ ExecStartPost=/usr/libexec/mysqld-wait-ready $MAINPID
 # Give a reasonable amount of time for the server to start up/shut down
 TimeoutSec=300
 
-# We rely on systemd, not mysqld_safe, to restart mysqld if it dies
-Restart=always
+# Restart crashed server only, on-failure would also restart, for example, when
+# my.cnf contains unknown option
+Restart=on-abort
+RestartSec=5s
 
 # Place temp files in a secure directory, not /tmp
 PrivateTmp=true
 
+# To allow memlock to be used as non-root user if set in configuration
+CapabilityBoundingSet=CAP_IPC_LOCK
+
+# Prevent writes to /usr, /boot, and /etc
+ProtectSystem=full
+
+NoNewPrivileges=true
+
+PrivateDevices=true
+
+# Prevent accessing /home, /root and /run/user
+ProtectHome=true
+
+UMask=007
+
 [Install]
 WantedBy=multi-user.target
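Review bot: `NoNewPrivileges=true`, `PrivateDevices=true` and `UMask=007` are added without the one-line comment that the neighbouring directives carry. Suggested comments are `# Block privilege gain through setuid/setgid binaries or file capabilities`, `# Private /dev with pseudo-devices only, no physical device nodes` and `# New files and directories get no permissions for others`. The `PrivateDevices=true` and `ProtectHome=true` lines also deserve a caveat that a data directory on a raw device or under /home becomes unreachable for the service. The same applies to the mysqld-v2.service hunk.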

diff --git a/dev-db/mysql-init-scripts/mysql-init-scripts-2.1.ebuild 
b/dev-db/mysql-init-scripts/mysql-init-scripts-2.1-r1.ebuild
similarity index 100%
rename from dev-db/mysql-init-scripts/mysql-init-scripts-2.1.ebuild
rename to dev-db/mysql-init-scripts/mysql-init-scripts-2.1-r1.ebuild
