[Commits] 881023b: MDEV-9095 - [PATCH] systemd capability for --memlock

Sergey Vojtovich svoj at mariadb.org
Tue Dec 22 12:53:24 EET 2015


revision-id: 881023b253f4e644beb94bd82f1b3577d33194a9 (mariadb-10.1.9-26-g881023b)
parent(s): fdce930ac6de9edfd53b851b542a4d07a95b3139
committer: Sergey Vojtovich
timestamp: 2015-12-22 14:51:26 +0400
message:

MDEV-9095 - [PATCH] systemd capability for --memlock

Adjust systemd files to enable CAP_IPC_LOCK to allow rootless mlockall
(triggered by memlock option).

This is an amended version of a patch originally submitted by Daniel Black.

---
 sql/mysqld.cc                     | 26 ++++++++++++++++----------
 support-files/mariadb.service.in  |  3 +++
 support-files/mariadb at .service.in |  3 +++
 3 files changed, 22 insertions(+), 10 deletions(-)

diff --git a/sql/mysqld.cc b/sql/mysqld.cc
index bdd6495..c6a0a7d 100644
--- a/sql/mysqld.cc
+++ b/sql/mysqld.cc
@@ -5398,25 +5398,31 @@ static int init_server_components()
     (void) mi_log(1);
 
 #if defined(HAVE_MLOCKALL) && defined(MCL_CURRENT) && !defined(EMBEDDED_LIBRARY)
-  if (locked_in_memory && !getuid())
+  if (locked_in_memory)
   {
-    if (setreuid((uid_t)-1, 0) == -1)
-    {                        // this should never happen
-      sql_perror("setreuid");
-      unireg_abort(1);
+    int error;
+    if (user_info)
+    {
+      DBUG_ASSERT(!getuid());
+      if (setreuid((uid_t) -1, 0) == -1)
+      {
+        sql_perror("setreuid");
+        unireg_abort(1);
+      }
+      error= mlockall(MCL_CURRENT);
+      set_user(mysqld_user, user_info);
     }
-    if (mlockall(MCL_CURRENT))
+    else
+      error= mlockall(MCL_CURRENT);
+
+    if (error)
     {
       if (global_system_variables.log_warnings)
 	sql_print_warning("Failed to lock memory. Errno: %d\n",errno);
       locked_in_memory= 0;
     }
-    if (user_info)
-      set_user(mysqld_user, user_info);
   }
-  else
 #endif
-    locked_in_memory=0;
 
   ft_init_stopwords();
 
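Review bot: In the `user_info` branch the failure warning `sql_print_warning("Failed to lock memory. Errno: %d\n",errno)` now runs after `set_user(mysqld_user, user_info)`, so the errno it logs may no longer be the one mlockall() set, since the calls inside set_user (not visible here) can overwrite it. Capturing the value at the call site keeps the diagnostic accurate: `error= mlockall(MCL_CURRENT) ? errno : 0;` in both branches, then print `error` instead of `errno`. Separately, dropping the `else locked_in_memory=0;` arm means a build without HAVE_MLOCKALL leaves `locked_in_memory` at whatever the option set although nothing was locked; an `#else` arm that resets it would keep the flag truthful. `DBUG_ASSERT(!getuid())` is presumably compiled out of release builds, so the root precondition there rests on the `setreuid` check alone. init_server_components begins and ends outside this hunk.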
diff --git a/support-files/mariadb.service.in b/support-files/mariadb.service.in
index bf1e3be..b18674b 100644
--- a/support-files/mariadb.service.in
+++ b/support-files/mariadb.service.in
@@ -42,6 +42,9 @@ PrivateNetwork=false
 User=mysql
 Group=mysql
 
+# To allow memlock to be used as non-root user if set in configuration
+CapabilityBoundingSet=CAP_IPC_LOCK
+
 # Execute pre and post scripts as root, otherwise it does it as User=
 PermissionsStartOnly=true
 
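Review bot: `CapabilityBoundingSet=CAP_IPC_LOCK` sets a ceiling on what the service may hold, but as far as systemd documents it, it does not put CAP_IPC_LOCK into the effective set of a process started as `User=mysql`, so the comment above it overstates the effect; the identical hunk in the instanced unit file has the same issue. The line also narrows the root-run pre and post scripts (`PermissionsStartOnly=true`) to that single capability, which is worth checking against what those scripts need. If the aim is a successful mlockall() for the unprivileged server, `LimitMEMLOCK=` is the setting that raises the limit the call is checked against. A comment such as `# Bounding set only; raise LimitMEMLOCK= for memlock as User=mysql` would describe the line more accurately.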
diff --git a/support-files/mariadb at .service.in b/support-files/mariadb at .service.in
index aca95cd..fb3b4b5 100644
--- a/support-files/mariadb at .service.in
+++ b/support-files/mariadb at .service.in
@@ -49,6 +49,9 @@ PrivateNetwork=false
 User=mysql
 Group=mysql
 
+# To allow memlock to be used as non-root user if set in configuration
+CapabilityBoundingSet=CAP_IPC_LOCK
+
 # Execute pre and post scripts as root, otherwise it does it as User=
 PermissionsStartOnly=true
 

