commit: 5e67d8c604f6e080816f0e532be8fef5f666e29d Author: Brian Evans <grknight <AT> gentoo <DOT> org> AuthorDate: Mon Sep 12 14:22:25 2016 +0000 Commit: Brian Evans <grknight <AT> gentoo <DOT> org> CommitDate: Mon Sep 12 14:37:25 2016 +0000 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=5e67d8c6
dev-db/mysql-init-scripts: Comment out a systemd option NoNewPrivileges=true Upstream bug https://jira.mariadb.org/browse/MDEV-10404 mentions that SELinux currently does not handle this change properly. Comment it out for now with a note No revbump for this file as most users are unaffected Package-Manager: portage-2.3.0 dev-db/mysql-init-scripts/files/mysqld-v2.service | 4 +++- dev-db/mysql-init-scripts/files/mysqld_at-v2.service | 4 +++- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/dev-db/mysql-init-scripts/files/mysqld-v2.service b/dev-db/mysql-init-scripts/files/mysqld-v2.service index 056b413..641abf7 100644 --- a/dev-db/mysql-init-scripts/files/mysqld-v2.service +++ b/dev-db/mysql-init-scripts/files/mysqld-v2.service @@ -32,7 +32,9 @@ CapabilityBoundingSet=CAP_IPC_LOCK # Prevent writes to /usr, /boot, and /etc ProtectSystem=full -NoNewPrivileges=true +# Currently has issues with SELinux https://jira.mariadb.org/browse/MDEV-10404 +# This is safe to uncomment when not using SELinux +#NoNewPrivileges=true PrivateDevices=true diff --git a/dev-db/mysql-init-scripts/files/mysqld_at-v2.service b/dev-db/mysql-init-scripts/files/mysqld_at-v2.service index 770a2e8..26964ea 100644 --- a/dev-db/mysql-init-scripts/files/mysqld_at-v2.service +++ b/dev-db/mysql-init-scripts/files/mysqld_at-v2.service @@ -30,7 +30,9 @@ CapabilityBoundingSet=CAP_IPC_LOCK # Prevent writes to /usr, /boot, and /etc ProtectSystem=full -NoNewPrivileges=true +# Currently has issues with SELinux https://jira.mariadb.org/browse/MDEV-10404 +# This is safe to uncomment when not using SELinux +#NoNewPrivileges=true PrivateDevices=true
