MDEV-36721: remove PrivateDevices=false from systemd services

grooverdan · grooverdan · commit 680b0cd86664 · 2025-10-21T11:56:04.000+11:00
The association between PrivateDevices=false and NoNewPrivileges
as an old mistake in the kernel that has been now corrected.

This was in 2019 via Debian bug #911152.
diff --git a/support-files/mariadb.service.in b/support-files/mariadb.service.in
@@ -51,10 +51,6 @@ Group=mysql
 # These are enabled by default
 AmbientCapabilities=CAP_IPC_LOCK
 
-# PrivateDevices=true implies NoNewPrivileges=true and
-# SUID auth_pam_tool suddenly doesn't do setuid anymore
-PrivateDevices=false
-
 # Prevent writes to /usr, /boot, and /etc
 ProtectSystem=full
 
diff --git a/support-files/mariadb@.service.in b/support-files/mariadb@.service.in
@@ -181,10 +181,6 @@ PrivateNetwork=false
 # These are enabled by default
 AmbientCapabilities=CAP_IPC_LOCK
 
-# PrivateDevices=true implies NoNewPrivileges=true and
-# SUID auth_pam_tool suddenly doesn't do setuid anymore
-PrivateDevices=false
-
 # Prevent writes to /usr, /boot, and /etc
 ProtectSystem=full
 
