Add safe hardening to mariadb.service units
author Aquila Macedo <aquilamacedo@riseup.net>
Fri, 16 Jan 2026 00:53:16 +0000 (19:53 -0500)
committer Otto Kekäläinen <otto@debian.org>
Thu, 19 Feb 2026 08:08:08 +0000 (08:08 +0000)
commit b4afd1a1f0ad7ff31c6d5bc150b8750e13f667e1
tree 80fb4dabd5b12d599f806c0ff40e96e74fe5ba99
parent f7edd97247ac28188bf2cab8cac6d93c10b096a1
Add safe hardening to mariadb.service units

Add low-regression systemd hardening directives to mariadb.service and
mariadb@.service to improve 'systemd-analyze security' without touching
the historically problematic areas (capability bounding /
NoNewPrivileges / PrivateDevices). Refs: MDEV-10404, MDEV-19878,
MDEV-36591, MDEV-36681

Includes kernel/cgroup protections, disables realtime scheduling, locks
personality, and restricts namespace creation (overridable via drop-in).

This patch should be submitted upstream once proven stable in Debian.

Forwarded: no

Gbp-Pq: Name systemd-hardening-safe-defaults.patch
support-files/mariadb.service.in
support-files/mariadb@.service.in
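The commit message says the namespace restriction can be undone with a drop-in but does not show one, and it names the hardening only by category. The fragment below is an added example, not text from the Debian patch or from the MariaDB project's unit files: the directive names it lists for "kernel/cgroup protections" and the rest are the standard systemd directives that match the description and are an assumption about what the patch contains, since the patch body is not on this page. The drop-in path is the standard systemd override location.

```ini
# Added example; not part of the Debian patch or of MariaDB's own unit files.
#
# Part 1: the directive set the commit message describes, as an assumption
# about the patch's contents (the actual hunks are not shown on this page).
# These are the low-regression options: none of them drop capabilities,
# set NoNewPrivileges= or hide devices, which are the areas the commit avoids.
[Service]
ProtectKernelTunables=true
ProtectKernelModules=true
ProtectKernelLogs=true
ProtectControlGroups=true
RestrictRealtime=true
LockPersonality=true
RestrictNamespaces=true

# Part 2: site-local override, to be placed in
#   /etc/systemd/system/mariadb.service.d/allow-namespaces.conf
# (for the instanced unit use mariadb@.service.d/ to cover every instance,
# or mariadb@NAME.service.d/ for one instance).
# A boolean value for RestrictNamespaces= replaces the earlier setting
# instead of merging with it, so this single line undoes the restriction.
[Service]
RestrictNamespaces=no
# Narrower alternative: a type list is OR-merged with earlier lines, so
# after RestrictNamespaces=true this allows only network namespaces;
# a ~ prefix removes types from the allowed set instead.
#RestrictNamespaces=net
```

After writing the drop-in, run `systemctl daemon-reload` and restart the unit; `systemctl show -p RestrictNamespaces mariadb.service` shows the effective value, and `systemd-analyze security mariadb.service` shows how the exposure score moves with each directive present or overridden. Because the override only touches RestrictNamespaces=, the other directives keep applying, which is the point of shipping the restriction in the packaged unit and loosening it per host.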