dev-db/mysql-init-scripts: Respect my.cnf user setting #8151
**Blocker to merging:** How do we set the user in the s6 init?

* Fix running mysql as a different user
* Fix multiple Galera SST failures when /proc is mounted with hidepid=2.

On startup wsrep_sst_rsync was failing to run because it checks to see if the mysqld process is running. When the service is started without --user, the mysqld process calls setuid() to perform the user change itself. The setuid call will flip the dumpable bit for the process, disabling the ability for the mysql user to ptrace it.

The hidepid=2 /proc mount option checks not only if the process is owned by the user, but also if the user can ptrace the process. If a process can not be ptraced, it does not appear in the output of ps.

As a result of this, wsrep_sst_rsync would start the rsync daemon and immediately kill it because it thought mysqld wasn't running, since it didn't appear in ps.

Starting mysqld as the correct user allows the process to appear.

Closes: https://bugs.gentoo.org/593046
Package-Manager: Portage-2.3.24, Repoman-2.3.6
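The mechanism described in the pull request description, as an added example (not code from the pull request or the project): a child clears its own dumpable flag with `prctl(PR_SET_DUMPABLE, 0)`, an assumption standing in for the `setuid()` side effect that needs root to reproduce, and a same-UID parent then reads `/proc/<pid>/exe`, which the kernel gates on the same ptrace read-access check that hidepid=2 applies. `probe_child` and `struct probe` are names made up for this example.

```c
#include <errno.h>
#include <signal.h>
#include <stdio.h>
#include <sys/prctl.h>
#include <sys/wait.h>
#include <unistd.h>

struct probe {
    int dumpable;   /* child's PR_GET_DUMPABLE value; -1 or 255 on failure */
    int exe_errno;  /* errno from readlink("/proc/<child>/exe"), 0 if readable */
};

/* Fork a child that optionally clears its dumpable flag (assumption: this
 * stands in for the setuid() side effect, which needs root to reproduce).
 * The parent, same UID, then does a /proc lookup gated by the kernel's
 * ptrace read-access check. */
struct probe probe_child(int clear_flag)
{
    struct probe r = { -1, 0 };
    char path[64], target[4096];
    int status;
    pid_t pid = fork();

    if (pid < 0)
        return r;
    if (pid == 0) {                      /* child */
        if (clear_flag)
            prctl(PR_SET_DUMPABLE, 0, 0, 0, 0);
        int d = prctl(PR_GET_DUMPABLE, 0, 0, 0, 0);
        raise(SIGSTOP);                  /* wait here while the parent probes */
        _exit(d < 0 ? 255 : d);          /* report the flag via exit status */
    }
    waitpid(pid, &status, WUNTRACED);    /* child has stopped: flag is set */
    snprintf(path, sizeof path, "/proc/%d/exe", (int)pid);
    if (readlink(path, target, sizeof target) < 0)
        r.exe_errno = errno;
    kill(pid, SIGCONT);
    if (waitpid(pid, &status, 0) == pid && WIFEXITED(status))
        r.dumpable = WEXITSTATUS(status);
    return r;
}

int main(void)
{
    struct probe a = probe_child(0), b = probe_child(1);
    printf("default: dumpable=%d exe_errno=%d\n", a.dumpable, a.exe_errno);
    printf("cleared: dumpable=%d exe_errno=%d\n", b.dumpable, b.exe_errno);
    return 0;
}
```

Run unprivileged, the second probe typically reports EACCES; a caller holding CAP_SYS_PTRACE (root, for example) passes the check and still reads the link.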
Pull Request assignment

Areas affected: ebuilds
dev-db/mysql-init-scripts: @gentoo/mysql

Bugs linked: 593046

In order to force reassignment and/or bug reference scan, please append

Gentoo Mirror & CI services are provided by Michał Górny. The hardware was kindly provided by Todd Goodman. This unofficial service is not associated with Gentoo Infrastructure or Gentoo Foundation. This service is provided by the service provider "as is" and any express or implied warranties, including, but not limited to, the implied warranties of merchantability and fitness for a particular purpose are disclaimed. In no event shall the service provider be liable for any direct, indirect, incidental, special, exemplary, or consequential damages (including, but not limited to, procurement of substitute goods or services; loss of use, data, or profits; or business interruption) however caused and on any theory of liability, whether in contract, strict liability, or tort (including negligence or otherwise) arising in any way out of the use of this service, even if advised of the possibility of such damage.
As pointed out on IRC, it is rather hard to review these changes. I've uploaded a diff of the init script alone for simple review: https://gist.github.com/anthonyryan1/71a57772bc52b6e70dff7f1a8a2afeeb
Pull request CI report

Report generated at: 2018-04-26 18:26 UTC

Issues already there before the PR (double-check them):
Further remark here from IRC discussion:
CC @gentoo/mysql