authorBrian Evans <grknight@gentoo.org>2016-07-20 12:34:15 -0400
committerBrian Evans <grknight@gentoo.org>2016-07-20 12:34:15 -0400
commitb85142cdd9623c78c904dbb99c258ebf2424c32c (patch)
tree872978754dcc22c9d9e5ced64c4d190f05d6f46d /dev-db/mysql-init-scripts/files
parentkde-apps/libkipi: amd64/x86 stable (diff)
dev-db/mysql-init-scripts: Revbump for bug 587416
Package-Manager: portage-2.3.0
Diffstat (limited to 'dev-db/mysql-init-scripts/files')
-rw-r--r--dev-db/mysql-init-scripts/files/mysqld-v2.service20
-rw-r--r--dev-db/mysql-init-scripts/files/mysqld_at-v2.service21
2 files changed, 38 insertions, 3 deletions
diff --git a/dev-db/mysql-init-scripts/files/mysqld-v2.service b/dev-db/mysql-init-scripts/files/mysqld-v2.service
index 12f773155a64..056b4137dabc 100644
--- a/dev-db/mysql-init-scripts/files/mysqld-v2.service
+++ b/dev-db/mysql-init-scripts/files/mysqld-v2.service
@@ -18,10 +18,28 @@ ExecStartPost=/usr/libexec/mysqld-wait-ready $MAINPID
TimeoutSec=300
# We rely on systemd, not mysqld_safe, to restart mysqld if it dies
-Restart=always
+# Restart crashed server only, on-failure would also restart, for example, when
+# my.cnf contains unknown option
+Restart=on-abort
+RestartSec=5s
# Place temp files in a secure directory, not /tmp
PrivateTmp=true
+# To allow memlock to be used as non-root user if set in configuration
+CapabilityBoundingSet=CAP_IPC_LOCK
+
+# Prevent writes to /usr, /boot, and /etc
+ProtectSystem=full
+
+NoNewPrivileges=true
+
+PrivateDevices=true
+
+# Prevent accessing /home, /root and /run/user
+ProtectHome=true
+
+UMask=007
+
[Install]
WantedBy=multi-user.target
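Review bot: The comment above `CapabilityBoundingSet=CAP_IPC_LOCK` says it allows memlock for a non-root user, but a bounding set only caps what the process may ever hold; it grants nothing. If the unit sets `User=` (that line is outside this hunk, as is the start of `[Service]`), the server probably still has no effective CAP_IPC_LOCK unless `AmbientCapabilities=CAP_IPC_LOCK` or a suitable `LimitMEMLOCK=` is also set. If instead mysqld starts as root and drops privileges itself, this bounding set would presumably also strip the capabilities it needs to switch user and group, so that path is worth testing. I would reword the comment to `# Restrict the capability bounding set to CAP_IPC_LOCK (needed for memlock); every other capability is dropped`. The same applies to the identical lines in mysqld_at-v2.service.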
diff --git a/dev-db/mysql-init-scripts/files/mysqld_at-v2.service b/dev-db/mysql-init-scripts/files/mysqld_at-v2.service
index 4c6a8caf46d7..770a2e8d4dde 100644
--- a/dev-db/mysql-init-scripts/files/mysqld_at-v2.service
+++ b/dev-db/mysql-init-scripts/files/mysqld_at-v2.service
@@ -16,11 +16,28 @@ ExecStartPost=/usr/libexec/mysqld-wait-ready $MAINPID
# Give a reasonable amount of time for the server to start up/shut down
TimeoutSec=300
-# We rely on systemd, not mysqld_safe, to restart mysqld if it dies
-Restart=always
+# Restart crashed server only, on-failure would also restart, for example, when
+# my.cnf contains unknown option
+Restart=on-abort
+RestartSec=5s
# Place temp files in a secure directory, not /tmp
PrivateTmp=true
+# To allow memlock to be used as non-root user if set in configuration
+CapabilityBoundingSet=CAP_IPC_LOCK
+
+# Prevent writes to /usr, /boot, and /etc
+ProtectSystem=full
+
+NoNewPrivileges=true
+
+PrivateDevices=true
+
+# Prevent accessing /home, /root and /run/user
+ProtectHome=true
+
+UMask=007
+
[Install]
WantedBy=multi-user.target
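Review bot: This hunk removes the comment `# We rely on systemd, not mysqld_safe, to restart mysqld if it dies`, while the matching hunk in mysqld-v2.service keeps it as context, so the two units now describe the restart policy differently. Keep or drop it in both. `NoNewPrivileges=true`, `PrivateDevices=true` and `UMask=007` are added without comments in both files, unlike the neighbouring directives. A line such as `# Files created by the server get no permissions for "other"` above `UMask=007`, plus similar one-liners for the other two, would make the hardening intent reviewable. `ProtectHome=true` also makes a datadir or socket under /home or /root unreachable, which deserves a mention in the comment for admins with non-default layouts.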