Commit 27e6fd9a authored by Sergey Vojtovich's avatar Sergey Vojtovich

MDEV-9095 - [PATCH] systemd capability for --memlock

Adjust systemd files to enable CAP_IPC_LOCK to allow rootless mlockall
(triggered by memlock option).

This is amended version of a patch originally submitted by Daniel Black.
parent 87e6873c
...@@ -5404,25 +5404,33 @@ static int init_server_components() ...@@ -5404,25 +5404,33 @@ static int init_server_components()
(void) mi_log(1); (void) mi_log(1);
#if defined(HAVE_MLOCKALL) && defined(MCL_CURRENT) && !defined(EMBEDDED_LIBRARY) #if defined(HAVE_MLOCKALL) && defined(MCL_CURRENT) && !defined(EMBEDDED_LIBRARY)
if (locked_in_memory && !getuid()) if (locked_in_memory)
{
int error;
if (user_info)
{
DBUG_ASSERT(!getuid());
if (setreuid((uid_t) -1, 0) == -1)
{ {
if (setreuid((uid_t)-1, 0) == -1)
{ // this should never happen
sql_perror("setreuid"); sql_perror("setreuid");
unireg_abort(1); unireg_abort(1);
} }
if (mlockall(MCL_CURRENT)) error= mlockall(MCL_CURRENT);
set_user(mysqld_user, user_info);
}
else
error= mlockall(MCL_CURRENT);
if (error)
{ {
if (global_system_variables.log_warnings) if (global_system_variables.log_warnings)
sql_print_warning("Failed to lock memory. Errno: %d\n",errno); sql_print_warning("Failed to lock memory. Errno: %d\n",errno);
locked_in_memory= 0; locked_in_memory= 0;
} }
if (user_info)
set_user(mysqld_user, user_info);
} }
else #else
locked_in_memory= 0;
#endif #endif
locked_in_memory=0;
ft_init_stopwords(); ft_init_stopwords();
......
...@@ -42,6 +42,9 @@ PrivateNetwork=false ...@@ -42,6 +42,9 @@ PrivateNetwork=false
User=mysql User=mysql
Group=mysql Group=mysql
# To allow memlock to be used as non-root user if set in configuration
CapabilityBoundingSet=CAP_IPC_LOCK
# Execute pre and post scripts as root, otherwise it does it as User= # Execute pre and post scripts as root, otherwise it does it as User=
PermissionsStartOnly=true PermissionsStartOnly=true
......
...@@ -49,6 +49,9 @@ PrivateNetwork=false ...@@ -49,6 +49,9 @@ PrivateNetwork=false
User=mysql User=mysql
Group=mysql Group=mysql
# To allow memlock to be used as non-root user if set in configuration
CapabilityBoundingSet=CAP_IPC_LOCK
# Execute pre and post scripts as root, otherwise it does it as User= # Execute pre and post scripts as root, otherwise it does it as User=
PermissionsStartOnly=true PermissionsStartOnly=true
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment