[Unit]
# Unit metadata plus start-up ordering for the MySQL server daemon.
Description=MySQL database server
# After= is ordering only: it delays this unit until the listed targets have
# been reached when they are part of the same transaction, but does not pull
# them in.
# NOTE(review): syslog.target is obsolete on current systemd releases, and
# network.target does not wait for interfaces to be configured - confirm
# whether mysqld needs network-online.target for its bind address.
After=syslog.target
After=network.target
# The two servers must never run together: starting this unit stops
# mariadb.service, and starting mariadb.service stops this unit.
Conflicts=mariadb.service

[Service]
# Process definition and sandboxing for mysqld.
# Type=simple: systemd considers the main process started as soon as it has
# been forked; readiness is gated by the ExecStartPost helper below.
Type=simple
# Run the daemon (and the ExecStartPost helper) as the mysql user and group
# instead of root.
User=mysql
Group=mysql

# Note: we set --basedir to prevent probes that might trigger SELinux alarms,
# https://bugzilla.redhat.com/show_bug.cgi?id=547485
ExecStart=/usr/sbin/mysqld --basedir=/usr
# Runs after mysqld has been started; systemd substitutes $MAINPID with the PID
# of the main service process. The start job does not finish until this helper
# exits. Presumably it waits until the server accepts connections - confirm
# against the helper script.
ExecStartPost=/usr/libexec/mysqld-wait-ready $MAINPID

# Give a reasonable amount of time for the server to start up/shut down.
# TimeoutSec= sets both the start and the stop timeout, in seconds.
TimeoutSec=300

# We rely on systemd, not mysqld_safe, to restart mysqld if it dies.
# Restart only after a crash (termination by an uncaught signal); on-failure
# would also restart on a non-zero exit, for example when my.cnf contains an
# unknown option, which would just loop.
Restart=on-abort
RestartSec=5s

# Give the service its own private /tmp and /var/tmp, not shared with other
# processes on the host.
PrivateTmp=true

# Restrict the capability bounding set to CAP_IPC_LOCK only, so memlock can
# still be used if set in the configuration; every other capability is removed
# from the set and cannot be acquired by the service or its children.
# NOTE(review): a bounding set only caps what may be acquired, it does not
# grant anything to the non-root mysql user. Whether mysqld actually obtains
# CAP_IPC_LOCK or relies on the memlock resource limit is not visible in this
# unit - confirm.
CapabilityBoundingSet=CAP_IPC_LOCK

# Prevent writes to /usr, /boot, and /etc (mounted read-only for this service).
# Other paths, such as the data directory, stay writable.
ProtectSystem=full

# Currently has issues with SELinux https://jira.mariadb.org/browse/MDEV-10404
# This is safe to uncomment when not using SELinux.
# While it stays disabled, setuid or file-capability binaries executed by the
# service can still gain privileges; re-evaluate once the issue above is fixed.
#NoNewPrivileges=true

# Give the service a private /dev that holds only pseudo-devices such as
# /dev/null, /dev/zero and /dev/random; physical devices are not reachable.
PrivateDevices=true

# Prevent accessing /home, /root and /run/user
ProtectHome=true

# File-creation mask: new files and directories get no permissions for
# "other"; owner and group permissions are left unmasked.
UMask=007

[Install]
# Used by "systemctl enable": hooks the unit into multi-user.target so the
# server is started when that target is reached at boot.
WantedBy=multi-user.target