Mirrors/MariaDB-server
1
0
Fork 0
mirror of https://github.com/MariaDB/server.git synced 2025-12-28 08:10:14 +00:00
Code Issues Actions 5 Packages Projects Releases Wiki Activity
85ecb80fa3
MariaDB-server/support-files
History
Daniel Black 85ecb80fa3 MDEV-36229: Remove CAP_DAC_OVERRIDE CAP_AUDIT_WRITE from AmbientCapabilities 
In resolving MDEV-33301 (76a27155b4) we
moved all the capabilities from CapabilityBoundingSet to AmbientCapabilities
where only add/moving CAP_IPC_LOCK was intended.

The effect of this is the defaulting running MariaDB HAS the capabiltiy
CAP_DAC_OVERRIDE CAP_AUDIT_WRITE allowing it to access any file,
even while running as a non-root user.

Resolve this by making CAP_IPC_LOCK apply to AmbientCapabilities and
leave the remaining CAP_DAC_OVERRIDE CAP_AUDIT_WRITE to CapabilityBoundingSet
for the use by auth_pam_tool.
2025-03-26 10:50:31 +02:00
..
dtrace
MacOSX MDEV-22569: Run bin/mariadbd instead of bin/mysqld 2020-06-16 12:59:30 +03:00
policy MDEV-33301 memlock with systemd still not working 2024-03-27 13:36:31 +11:00
rpm MDEV-4151 Mixed MySQL/MariaDB references in RPM upgrade error message 2025-03-05 14:44:14 +02:00
binary-configure.sh MDEV-22569: Run bin/mariadbd instead of bin/mysqld 2020-06-16 12:59:30 +03:00
build-tags
ccfilter
CMakeLists.txt Revert "use environment file in systemd units for _WSREP_START_POSITION" 2023-08-08 15:46:39 +01:00
compiler_warnings.supp
db.opt
magic
mariadb.pc.in mariadb.pc: plugindir is used 2021-03-18 14:35:55 +11:00
mariadb.service.in MDEV-36229: Remove CAP_DAC_OVERRIDE CAP_AUDIT_WRITE from AmbientCapabilities 2025-03-26 10:50:31 +02:00
mariadb@.service.in MDEV-36229: Remove CAP_DAC_OVERRIDE CAP_AUDIT_WRITE from AmbientCapabilities 2025-03-26 10:50:31 +02:00
mysql-log-rotate.sh Merge branch '10.4' into 10.5 2022-02-01 20:33:04 +01:00
mysql-multi.server.sh MDEV-22569: Run bin/mariadbd instead of bin/mysqld 2020-06-16 12:59:30 +03:00
mysql.m4
mysql.server-sys5.sh MDEV-22569: Run bin/mariadbd instead of bin/mysqld 2020-06-16 12:59:30 +03:00
mysql.server.sh Merge 10.4 into 10.5 2022-06-09 12:22:55 +03:00
mysqld_multi.server.sh
sysusers.conf.in
tmpfiles.conf.in
use_galera_new_cluster.conf systemd: mariadb@bootstrap - clear ExecStartPre and ExecStartPost 2020-09-22 15:37:44 +10:00
wsrep_notify.sh MDEV-29814: galera_var_notify_ssl_ipv6 causes testing system to hang 2022-12-10 01:11:55 +01:00
wsrep.cnf.sh