MDEV-426: systemd PermissionsStartOnly=true by default

grooverdan · svoj · commit 3723c70a3045 · 2015-10-14T12:45:59.000+02:00
mariadb-service-convert during migration can create a file containing ExecStartPre=/usr/sbin/sysctl -q -w vm.drop_caches=3 if the users my.cnf contains [mysqld_safe] flush_caches. This sysctl entry change requires root access. No existing ExecStartPre requires execution requires execution as another user. There is a comment in the mariadb{,@}.service.in that indicates mysqld_install which would require -u mysql to explicity change user to mysql from root since PermissionsStartOnly=true. Otherwise the following error would be generated: Oct 14 07:38:38 spaceman systemd[1]: Starting MariaDB database server... -- Subject: Unit mariadb.service has begun start-up -- Defined-By: systemd -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel -- -- Unit mariadb.service has begun starting up. Oct 14 07:38:38 spaceman sysctl[10089]: sysctl: permission denied on key 'vm.drop_caches' Oct 14 07:38:38 spaceman systemd[1]: mariadb.service: control process exited, code=exited status=255 Oct 14 07:38:38 spaceman systemd[1]: Failed to start MariaDB database server.
diff --git a/cmake/systemd.cmake b/cmake/systemd.cmake
@@ -61,7 +61,7 @@ MACRO(CHECK_SYSTEMD)
                                ${INSTALL_SYSTEMD_UNITDIR}/mariadb@.service
                                ${INSTALL_SYSTEMD_UNITDIR}/mariadb@bootstrap.service.d/wsrep-new-cluster.conf")
         IF(DEB)
-          SET(SYSTEMD_EXECSTARTPRE "PermissionsStartOnly=true\nExecStartPre=/usr/bin/install -m 755 -o mysql -g root -d /var/run/mysqld")
+          SET(SYSTEMD_EXECSTARTPRE "ExecStartPre=/usr/bin/install -m 755 -o mysql -g root -d /var/run/mysqld")
           SET(SYSTEMD_EXECSTARTPOST "ExecStartPost=/etc/mysql/debian-start")
         ENDIF()
         MESSAGE(STATUS "Systemd features enabled")
diff --git a/support-files/mariadb.service.in b/support-files/mariadb.service.in
@@ -43,10 +43,10 @@ User=mysql
 Group=mysql
 
 # Execute pre and post scripts as root, otherwise it does it as User=
-# PermissionsStartOnly=true
+PermissionsStartOnly=true
 
 # Needed to create system tables etc.
-# ExecStartPre=/usr/bin/mysql_install_db
+# ExecStartPre=/usr/bin/mysql_install_db -u mysql
 
 # Start main service
 # MYSQLD_OPTS here is for users to set in /etc/systemd/system/mariadb.service.d/MY_SPECIAL.conf
diff --git a/support-files/mariadb@.service.in b/support-files/mariadb@.service.in
@@ -50,10 +50,10 @@ User=mysql
 Group=mysql
 
 # Execute pre and post scripts as root, otherwise it does it as User=
-# PermissionsStartOnly=true
+PermissionsStartOnly=true
 
 # Needed to create system tables etc.
-# ExecStartPre=/usr/bin/mysql_install_db
+# ExecStartPre=/usr/bin/mysql_install_db -u mysql
 
 # Start main service
 # MYSQLD_OPTS here is for users to set in /etc/systemd/system/mariadb@.service.d/MY_SPECIAL.conf
