author | Brian Evans <grknight@gentoo.org> | 2016-07-20 12:34:15 -0400 |
---|---|---|
committer | Brian Evans <grknight@gentoo.org> | 2016-07-20 12:34:15 -0400 |
commit | b85142cdd9623c78c904dbb99c258ebf2424c32c (patch) | |
tree | 872978754dcc22c9d9e5ced64c4d190f05d6f46d /dev-db/mysql-init-scripts | |
parent | kde-apps/libkipi: amd64/x86 stable (diff) | |
dev-db/mysql-init-scripts: Revbump for bug 587416
Package-Manager: portage-2.3.0
Diffstat (limited to 'dev-db/mysql-init-scripts')
-rw-r--r-- | dev-db/mysql-init-scripts/files/mysqld-v2.service | 20 | ||||
-rw-r--r-- | dev-db/mysql-init-scripts/files/mysqld_at-v2.service | 21 | ||||
-rw-r--r-- | dev-db/mysql-init-scripts/mysql-init-scripts-2.1-r1.ebuild (renamed from dev-db/mysql-init-scripts/mysql-init-scripts-2.1.ebuild) | 0 |
3 files changed, 38 insertions, 3 deletions
diff --git a/dev-db/mysql-init-scripts/files/mysqld-v2.service b/dev-db/mysql-init-scripts/files/mysqld-v2.service
index 12f773155a64..056b4137dabc 100644
--- a/dev-db/mysql-init-scripts/files/mysqld-v2.service
+++ b/dev-db/mysql-init-scripts/files/mysqld-v2.service
@@ -18,10 +18,28 @@ ExecStartPost=/usr/libexec/mysqld-wait-ready $MAINPID
 TimeoutSec=300
 
 # We rely on systemd, not mysqld_safe, to restart mysqld if it dies
-Restart=always
+# Restart crashed server only, on-failure would also restart, for example, when
+# my.cnf contains unknown option
+Restart=on-abort
+RestartSec=5s
 
 # Place temp files in a secure directory, not /tmp
 PrivateTmp=true
 
+# To allow memlock to be used as non-root user if set in configuration
+CapabilityBoundingSet=CAP_IPC_LOCK
+
+# Prevent writes to /usr, /boot, and /etc
+ProtectSystem=full
+
+NoNewPrivileges=true
+
+PrivateDevices=true
+
+# Prevent accessing /home, /root and /run/user
+ProtectHome=true
+
+UMask=007
+
 [Install]
 WantedBy=multi-user.target
diff --git a/dev-db/mysql-init-scripts/files/mysqld_at-v2.service b/dev-db/mysql-init-scripts/files/mysqld_at-v2.service
index 4c6a8caf46d7..770a2e8d4dde 100644
--- a/dev-db/mysql-init-scripts/files/mysqld_at-v2.service
+++ b/dev-db/mysql-init-scripts/files/mysqld_at-v2.service
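Review bot: The comment above `CapabilityBoundingSet=CAP_IPC_LOCK` says the line allows memlock for a non-root user, but a bounding set only limits what the service can ever hold and grants nothing. If the unit runs mysqld under a `User=` line (the [Service] head is outside this hunk), the process starts without effective capabilities and `NoNewPrivileges=true` further down stops it from gaining file capabilities on exec, so memlock still depends on the memlock rlimit; if the unit instead starts as root and mysqld drops privileges itself, the set would also need CAP_SETUID and CAP_SETGID. I would reword the comment to `# Drop every capability except CAP_IPC_LOCK; this restricts, it does not grant` and, if memlock is meant to work as shipped, add `LimitMEMLOCK=infinity`. The same lines are added in mysqld_at-v2.service.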
@@ -16,11 +16,28 @@ ExecStartPost=/usr/libexec/mysqld-wait-ready $MAINPID
 # Give a reasonable amount of time for the server to start up/shut down
 TimeoutSec=300
 
-# We rely on systemd, not mysqld_safe, to restart mysqld if it dies
-Restart=always
+# Restart crashed server only, on-failure would also restart, for example, when
+# my.cnf contains unknown option
+Restart=on-abort
+RestartSec=5s
 
 # Place temp files in a secure directory, not /tmp
 PrivateTmp=true
 
+# To allow memlock to be used as non-root user if set in configuration
+CapabilityBoundingSet=CAP_IPC_LOCK
+
+# Prevent writes to /usr, /boot, and /etc
+ProtectSystem=full
+
+NoNewPrivileges=true
+
+PrivateDevices=true
+
+# Prevent accessing /home, /root and /run/user
+ProtectHome=true
+
+UMask=007
+
 [Install]
 WantedBy=multi-user.target
diff --git a/dev-db/mysql-init-scripts/mysql-init-scripts-2.1.ebuild b/dev-db/mysql-init-scripts/mysql-init-scripts-2.1-r1.ebuild
index dad018dc8dc6..dad018dc8dc6 100644
--- a/dev-db/mysql-init-scripts/mysql-init-scripts-2.1.ebuild
+++ b/dev-db/mysql-init-scripts/mysql-init-scripts-2.1-r1.ebuild
|
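Review bot: `Restart=on-abort` brings the server back only after an unclean signal, so a start or stop that runs into the `TimeoutSec=300` limit at the top of this hunk now leaves the instance down. Assuming the unknown-option case named in the new comment ends in a non-zero exit, `Restart=on-abnormal` would still skip it while also covering timeouts. If on-abort is the intended policy, the comment could state the consequence, for example `# No restart on non-zero exit or timeout; only on an uncaught signal`. The same setting is added in mysqld-v2.service, where the old `# We rely on systemd, not mysqld_safe, to restart mysqld if it dies` line is kept as context and now sits directly above the new comment.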