Add safe hardening to mariadb.service units
author Aquila Macedo <aquilamacedo@riseup.net>
Fri, 16 Jan 2026 00:53:16 +0000 (19:53 -0500)
committer Lena Voytek <lena@voytek.dev>
Tue, 24 Mar 2026 13:26:38 +0000 (09:26 -0400)
commit 3e0156f0c69840fb9c94b767d51cfbc83ae1d43f
tree 0f27c35796e2b833d7fc73f85fe5ef5b71f020d7
parent 6f4f11e5da98720efde4edf24050fa2d6266a4f6
Add safe hardening to mariadb.service units

Add low-regression systemd hardening directives to mariadb.service and
mariadb@.service to improve 'systemd-analyze security' without touching
the historically problematic areas (capability bounding /
NoNewPrivileges / PrivateDevices). Refs: MDEV-10404, MDEV-19878,
MDEV-36591, MDEV-36681

Includes kernel/cgroup protections, disables realtime scheduling, locks
personality, and restricts namespace creation (overridable via drop-in).

This patch should be submitted upstream once proven stable in Debian.

Forwarded: no

Gbp-Pq: Name systemd-hardening-safe-defaults.patch
support-files/mariadb.service.in
support-files/mariadb@.service.in
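As an added illustration, not taken from this patch or from the Debian packaging, the four categories named in the commit message map onto the systemd `[Service]` directives below; the exact lines in the patched units are an assumption, since the page does not quote them. The second fragment shows the drop-in mechanism the message refers to: a site-local file that relaxes only the namespace restriction while every other directive stays in force.

```ini
# Assumed hardening block matching the commit message's categories.
# Shown here as a drop-in so it can be tested on an unpatched unit:
#   /etc/systemd/system/mariadb.service.d/10-hardening.conf
[Service]
# "kernel/cgroup protections"
ProtectKernelTunables=true
ProtectKernelModules=true
ProtectKernelLogs=true
ProtectControlGroups=true
# "disables realtime scheduling"
RestrictRealtime=true
# "locks personality"
LockPersonality=true
# "restricts namespace creation"
RestrictNamespaces=true

# Local override, read after the unit file and after lower-numbered drop-ins,
# so its assignment wins for this single directive:
#   /etc/systemd/system/mariadb.service.d/90-local.conf
[Service]
RestrictNamespaces=false
```

After placing the files, reload with `systemctl daemon-reload`, restart mariadb, and compare `systemd-analyze security mariadb.service` before and after to see which score lines each directive changes.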