diff --git a/sql/mysqld.cc b/sql/mysqld.cc index 121d3432758..133527c4bea 100644 --- a/sql/mysqld.cc +++ b/sql/mysqld.cc @@ -5404,25 +5404,33 @@ static int init_server_components() (void) mi_log(1); #if defined(HAVE_MLOCKALL) && defined(MCL_CURRENT) && !defined(EMBEDDED_LIBRARY) - if (locked_in_memory && !getuid()) + if (locked_in_memory) { - if (setreuid((uid_t)-1, 0) == -1) - { // this should never happen - sql_perror("setreuid"); - unireg_abort(1); + int error; + if (user_info) + { + DBUG_ASSERT(!getuid()); + if (setreuid((uid_t) -1, 0) == -1) + { + sql_perror("setreuid"); + unireg_abort(1); + } + error= mlockall(MCL_CURRENT); + set_user(mysqld_user, user_info); } - if (mlockall(MCL_CURRENT)) + else + error= mlockall(MCL_CURRENT); + + if (error) { if (global_system_variables.log_warnings) sql_print_warning("Failed to lock memory. Errno: %d\n",errno); locked_in_memory= 0; } - if (user_info) - set_user(mysqld_user, user_info); } - else +#else + locked_in_memory= 0; #endif - locked_in_memory=0; ft_init_stopwords(); diff --git a/support-files/mariadb.service.in b/support-files/mariadb.service.in index bf1e3be7407..b18674bea46 100644 --- a/support-files/mariadb.service.in +++ b/support-files/mariadb.service.in @@ -42,6 +42,9 @@ PrivateNetwork=false User=mysql Group=mysql +# To allow memlock to be used as non-root user if set in configuration +CapabilityBoundingSet=CAP_IPC_LOCK + # Execute pre and post scripts as root, otherwise it does it as User= PermissionsStartOnly=true diff --git a/support-files/mariadb@.service.in b/support-files/mariadb@.service.in index aca95cdb543..fb3b4b5f41d 100644 --- a/support-files/mariadb@.service.in +++ b/support-files/mariadb@.service.in @@ -49,6 +49,9 @@ PrivateNetwork=false User=mysql Group=mysql +# To allow memlock to be used as non-root user if set in configuration +CapabilityBoundingSet=CAP_IPC_LOCK + # Execute pre and post scripts as root, otherwise it does it as User= PermissionsStartOnly=true