MDEV-10404 - Improved systemd service hardening causes SELinux problems

Disabled NoNewPrivileges until SELinux policy is fixed.

MDEV-10404 - Improved systemd service hardening causes SELinux problems
Disabled NoNewPrivileges until SELinux policy is fixed.
1e160e5c · Sergey Vojtovich · 48fbb2bf · 1e160e5c · 1e160e5c
Commit 1e160e5c authored Aug 17, 2016 by Sergey Vojtovich
Hide whitespace changes
Inline Side-by-side

Showing with 4 additions and 2 deletions

support-files/mariadb.service.in support-files/mariadb.service.in +2 -1

support-files/mariadb@.service.in support-files/mariadb@.service.in +2 -1

No files found.
--- a/support-files/mariadb.service.in
+++ b/support-files/mariadb.service.in
@@ -48,7 +48,8 @@ CapabilityBoundingSet=CAP_IPC_LOCK
 # Prevent writes to /usr, /boot, and /etc
 ProtectSystem=full
-NoNewPrivileges=true
+# Doesn't yet work properly with SELinux enabled
+# NoNewPrivileges=true
 PrivateDevices=true

--- a/support-files/mariadb@.service.in
+++ b/support-files/mariadb@.service.in
@@ -55,7 +55,8 @@ CapabilityBoundingSet=CAP_IPC_LOCK
 # Prevent writes to /usr, /boot, and /etc
 ProtectSystem=full
-NoNewPrivileges=true
+# Doesn't yet work properly with SELinux enabled
+# NoNewPrivileges=true
 PrivateDevices=true