MDEV-10404 - Improved systemd service hardening causes SELinux problems

Disabled NoNewPrivileges until SELinux policy is fixed.
2025-08-09 22:24:09 +03:00 · 2016-08-17 13:57:34 +04:00
parent 48fbb2bf07
commit 1e160e5cb3
2 changed files with 4 additions and 2 deletions
--- a/support-files/mariadb.service.in
+++ b/support-files/mariadb.service.in
@@ -48,7 +48,8 @@ CapabilityBoundingSet=CAP_IPC_LOCK
 # Prevent writes to /usr, /boot, and /etc
 ProtectSystem=full

-NoNewPrivileges=true
+# Doesn't yet work properly with SELinux enabled
+# NoNewPrivileges=true

 PrivateDevices=true

--- a/support-files/mariadb@.service.in
+++ b/support-files/mariadb@.service.in
@@ -55,7 +55,8 @@ CapabilityBoundingSet=CAP_IPC_LOCK
 # Prevent writes to /usr, /boot, and /etc
 ProtectSystem=full

-NoNewPrivileges=true
+# Doesn't yet work properly with SELinux enabled
+# NoNewPrivileges=true

 PrivateDevices=true