MDEV-10404 - Improved systemd service hardening causes SELinux problems

svoj · svoj · commit 1e160e5cb387 · 2016-08-17T13:59:00.000+04:00
Disabled NoNewPrivileges until SELinux policy is fixed.
diff --git a/support-files/mariadb.service.in b/support-files/mariadb.service.in
@@ -48,7 +48,8 @@ CapabilityBoundingSet=CAP_IPC_LOCK
 # Prevent writes to /usr, /boot, and /etc
 ProtectSystem=full
 
-NoNewPrivileges=true
+# Doesn't yet work properly with SELinux enabled
+# NoNewPrivileges=true
 
 PrivateDevices=true
 
diff --git a/support-files/mariadb@.service.in b/support-files/mariadb@.service.in
@@ -55,7 +55,8 @@ CapabilityBoundingSet=CAP_IPC_LOCK
 # Prevent writes to /usr, /boot, and /etc
 ProtectSystem=full
 
-NoNewPrivileges=true
+# Doesn't yet work properly with SELinux enabled
+# NoNewPrivileges=true
 
 PrivateDevices=true
 
