projects / mariadb.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 7ca357b) | patch
Add safe hardening to mariadb.service units
authorAquila Macedo <aquilamacedo@riseup.net>
Fri, 16 Jan 2026 00:53:16 +0000 (19:53 -0500)
committerPeter Michael Green <plugwash@raspbian.org>
Thu, 5 Mar 2026 22:49:06 +0000 (22:49 +0000)
commit6baaee5c380f1692605d60a3fcd73b3647ebc1e3
tree601b219318feb0145cca40dc49ed35a1735ad004tree | snapshot
parent7ca357b9d9690f27c2b221d43a2e3434a172036bcommit | diff
Add safe hardening to mariadb.service units

Add low regression systemd hardening directives to mariadb.service and
mariadb@.service to improve 'systemd-analyze security' without touching
the historically-problematic areas (capability bounding /
NoNewPrivileges / PrivateDevices). Refs: MDEV-10404, MDEV-19878,
MDEV-36591, MDEV-36681

Includes kernel/cgroup protections, disables realtime scheduling, locks
personality, and restricts namespace creation (overrideable via drop-in)

This patch should be submitted upstream once proven stable in Debian.

Forwarded: no

Gbp-Pq: Name systemd-hardening-safe-defaults.patch
support-files/mariadb.service.in diff | blob | history
support-files/mariadb@.service.in diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.