- fixed init script to

- work with SELinux (bnc#635645)
  - allow running as different user/group
  - create TMPDIR correctly

OBS-URL: https://build.opensuse.org/package/show/server:database/mariadb?expand=0&rev=37

mariadb.changes

@@ -1,3 +1,11 @@
+-------------------------------------------------------------------
+Wed Feb 23 16:20:02 CET 2011 - mhrusecky@suse.cz
+
+- fixed init script to
+  - work with SELinux (bnc#635645)
+  - allow running as different user/group
+  - create TMPDIR correctly
+
 -------------------------------------------------------------------
 Tue Dec  7 11:27:24 CET 2010 - mhrusecky@suse.cz
 

rc.mysql-multi

@@ -1,5 +1,5 @@
 #!/bin/bash
-# Copyright (c) 1995-2010 SuSE Linux AG Nuernberg, Germany.
+# Copyright (c) 1995-2011 SuSE Linux AG Nuernberg, Germany.
 #
 # Author:     Lenz Grimmer
 # Maintainer: Michal Hrusecky <mhrusecky@suse.cz>
@@ -61,11 +61,13 @@ fi
 parse_arguments() {
   for arg do
     case "$arg" in
-      --basedir=*)   basedir="`echo "$arg"   | sed -e 's/^[^=]*=//'`" ;;
-      --datadir=*)   datadir="`echo "$arg"   | sed -e 's/^[^=]*=//'`" ;;
-      --pid-file=*)  pid_file="`echo "$arg"  | sed -e 's/^[^=]*=//'`" ;;
-      --socket=*)    socket="`echo "$arg"    | sed -e 's/^[^=]*=//'`" ;;
-      --log-error=*) log_error="`echo "$arg" | sed -e 's/^[^=]*=//'`" ;;
+      --basedir=*)   basedir="`echo "$arg"            | sed -e 's/^[^=]*=//'`" ;;
+      --datadir=*)   datadir="`echo "$arg"            | sed -e 's/^[^=]*=//'`" ;;
+      --pid-file=*)  pid_file="`echo "$arg"           | sed -e 's/^[^=]*=//'`" ;;
+      --socket=*)    socket="`echo "$arg"             | sed -e 's/^[^=]*=//'`" ;;
+      --log-error=*) log_error="`echo "$arg"          | sed -e 's/^[^=]*=//'`" ;;
+      --user=*)      mysql_daemon_user="`echo "$arg"  | sed -e 's/^[^=]*=//'`" ;;
+      --group=*)     mysql_daemon_group="`echo "$arg" | sed -e 's/^[^=]*=//'`" ;;
     esac
   done
 }
@@ -251,8 +253,6 @@ else
 	datadir=/var/lib/mysql
 	mysql_daemon_user=mysql
 	mysql_daemon_group=mysql
-	mkdir -m 755 -p /var/run/mysql
-	chown $mysql_daemon_user:$mysql_daemon_group /var/run/mysql
 	pid_file=/var/run/mysql/mysqld.pid
 	socket=/var/run/mysql/mysql.sock
 	print_defaults=/usr/bin/my_print_defaults
@@ -267,7 +267,9 @@ else
 	log_query="${log_base}-query.log"
 
 	parse_arguments `$print_defaults $defaults mysqld mysql_server`
-	export TMPDIR="`cat /var/run/mysql/tmpdir 2> /dev/null`"
+	mkdir -m 755 -p /var/run/mysql
+	chown $mysql_daemon_user:$mysql_daemon_group /var/run/mysql
+	export TEMPDIR="`cat /var/run/mysql/tmpdir 2> /dev/null`"
 
 	# Safeguard (relative paths, core dumps..)
 	cd "$basedir"
@@ -279,14 +281,15 @@ else
 		rc_status -v && rc_exit
 
 		# prepare tmp dir
-		if [ "$TMPDIR" ] && [ -d "$TMPDIR" ] && \
-			[ "`ls -ld "$TMPDIR" | grep "^drwx------[[:blank:]]\+[0-9]\+[[:blank:]]\+$mysql_daemon_user[[:blank:]]\+$mysql_daemon_group[[:blank:]]\+.*"`" ]; then
-			rm -rf "$TMPDIR"
+		unset TMPDIR
+		if [ "$TEMPDIR" ] && [ -d "$TEMPDIR" ] && \
+			[ "`ls -ld "$TEMPDIR" | grep "^drwx------[\\.\+]\?[[:blank:]]\+[0-9]\+[[:blank:]]\+$mysql_daemon_user[[:blank:]]\+$mysql_daemon_group[[:blank:]]\+.*"`" ]; then
+			rm -rf "$TEMPDIR"
 		fi
-		TMPDIR="`mktemp -d -p /var/tmp mysql.XXXXXX | tee /var/run/mysql/tmpdir`"
-		[ -z "$TMPDIR" ] || chown "$mysql_daemon_user:$mysql_daemon_group" "$TMPDIR"
-		[ "`ls -ld "$TMPDIR" | grep "^drwx------[[:blank:]]\+[0-9]\+[[:blank:]]\+$mysql_daemon_user[[:blank:]]\+$mysql_daemon_group[[:blank:]]\+.*"`" ] || {
-			echo "Can't create secure $TMPDIR"
+		TEMPDIR="`mktemp -d -p /var/tmp mysql.XXXXXX | tee /var/run/mysql/tmpdir`"
+		[ -z "$TEMPDIR" ] || chown "$mysql_daemon_user:$mysql_daemon_group" "$TEMPDIR"
+		[ "`ls -ld "$TEMPDIR" | grep "^drwx------[\\.\+]\?[[:blank:]]\+[0-9]\+[[:blank:]]\+$mysql_daemon_user[[:blank:]]\+$mysql_daemon_group[[:blank:]]\+.*"`" ] || {
+			echo "Can't create secure $TEMPDIR"
 			rc_failed; rc_status -v; rc_exit;
 		}
 
@@ -378,8 +381,9 @@ else
 				fi
 			fi
 			protected="`mktemp -d -p /var/tmp mysql-protected.XXXXXX | tee /var/run/mysql/protecteddir`"
+			export TMPDIR="$TEMPDIR"
 			[ -z "$protected" ] || chown "$mysql_daemon_user:$mysql_daemon_group" "$protected"
-			[ "`ls -ld "$protected" | grep "^drwx------[[:blank:]]\+[0-9]\+[[:blank:]]\+$mysql_daemon_user[[:blank:]]\+$mysql_daemon_group[[:blank:]]\+.*"`" ] || {
+			[ "`ls -ld "$protected" | grep "^drwx------[\\.\+]\?[[:blank:]]\+[0-9]\+[[:blank:]]\+$mysql_daemon_user[[:blank:]]\+$mysql_daemon_group[[:blank:]]\+.*"`" ] || {
 				echo "Can't create secure $protected" | tee -a "$log_upgrade"
 				rc_failed; rc_status -v; rc_exit;
 			}
@@ -419,6 +423,7 @@ else
 			chmod 640 "$log_upgrade"
 		fi 
 
+		export TMPDIR="$TEMPDIR"
 
 		echo -n "Starting service MySQL "
 		
@@ -443,9 +448,9 @@ else
 	    stop)
 		echo -n "Shutting down service MySQL "
 		kill_mysql
-		if [ "$TMPDIR" ] && [ -d "$TMPDIR" ] && \
-			[ "`ls -ld "$TMPDIR" | grep "^drwx------[[:blank:]]\+[0-9]\+[[:blank:]]\+$mysql_daemon_user[[:blank:]]\+$mysql_daemon_group[[:blank:]]\+.*"`" ]; then
-			rm -rf "$TMPDIR"
+		if [ "$TEMPDIR" ] && [ -d "$TEMPDIR" ] && \
+			[ "`ls -ld "$TEMPDIR" | grep "^drwx------[\\.\+]\?[[:blank:]]\+[0-9]\+[[:blank:]]\+$mysql_daemon_user[[:blank:]]\+$mysql_daemon_group[[:blank:]]\+.*"`" ]; then
+			rm -rf "$TEMPDIR"
 		fi
 		# Remember status and be verbose
 		rc_status -v