From fc6e4560f9af12bcc27e8de7d0e6e4e3638ac7ab65fbd8269f6abd0dd6a29144 Mon Sep 17 00:00:00 2001 From: "Michal Hrusecky (old before rename to _miska_)" Date: Wed, 23 Feb 2011 15:21:20 +0000 Subject: [PATCH] - fixed init script to - work with SELinux (bnc#635645) - allow running as different user/group - create TMPDIR correctly OBS-URL: https://build.opensuse.org/package/show/server:database/mariadb?expand=0&rev=37 --- mariadb.changes | 8 ++++++++ rc.mysql-multi | 45 +++++++++++++++++++++++++-------------------- 2 files changed, 33 insertions(+), 20 deletions(-) diff --git a/mariadb.changes b/mariadb.changes index 3749a8f..e8eb137 100644 --- a/mariadb.changes +++ b/mariadb.changes @@ -1,3 +1,11 @@ +------------------------------------------------------------------- +Wed Feb 23 16:20:02 CET 2011 - mhrusecky@suse.cz + +- fixed init script to + - work with SELinux (bnc#635645) + - allow running as different user/group + - create TMPDIR correctly + ------------------------------------------------------------------- Tue Dec 7 11:27:24 CET 2010 - mhrusecky@suse.cz diff --git a/rc.mysql-multi b/rc.mysql-multi index 20f9e84..ea233b2 100644 --- a/rc.mysql-multi +++ b/rc.mysql-multi @@ -1,5 +1,5 @@ #!/bin/bash -# Copyright (c) 1995-2010 SuSE Linux AG Nuernberg, Germany. +# Copyright (c) 1995-2011 SuSE Linux AG Nuernberg, Germany. # # Author: Lenz Grimmer # Maintainer: Michal Hrusecky 
@@ -61,11 +61,13 @@ fi parse_arguments() { for arg do case "$arg" in - --basedir=*) basedir="`echo "$arg" | sed -e 's/^[^=]*=//'`" ;; - --datadir=*) datadir="`echo "$arg" | sed -e 's/^[^=]*=//'`" ;; - --pid-file=*) pid_file="`echo "$arg" | sed -e 's/^[^=]*=//'`" ;; - --socket=*) socket="`echo "$arg" | sed -e 's/^[^=]*=//'`" ;; - --log-error=*) log_error="`echo "$arg" | sed -e 's/^[^=]*=//'`" ;; + --basedir=*) basedir="`echo "$arg" | sed -e 's/^[^=]*=//'`" ;; + --datadir=*) datadir="`echo "$arg" | sed -e 's/^[^=]*=//'`" ;; + --pid-file=*) pid_file="`echo "$arg" | sed -e 's/^[^=]*=//'`" ;; + --socket=*) socket="`echo "$arg" | sed -e 's/^[^=]*=//'`" ;; + --log-error=*) log_error="`echo "$arg" | sed -e 's/^[^=]*=//'`" ;; + --user=*) mysql_daemon_user="`echo "$arg" | sed -e 's/^[^=]*=//'`" ;; + --group=*) mysql_daemon_group="`echo "$arg" | sed -e 's/^[^=]*=//'`" ;; esac done } @@ -251,8 +253,6 @@ else datadir=/var/lib/mysql mysql_daemon_user=mysql mysql_daemon_group=mysql - mkdir -m 755 -p /var/run/mysql - chown $mysql_daemon_user:$mysql_daemon_group /var/run/mysql pid_file=/var/run/mysql/mysqld.pid socket=/var/run/mysql/mysql.sock print_defaults=/usr/bin/my_print_defaults @@ -267,7 +267,9 @@ else log_query="${log_base}-query.log" parse_arguments `$print_defaults $defaults mysqld mysql_server` - export TMPDIR="`cat /var/run/mysql/tmpdir 2> /dev/null`" + mkdir -m 755 -p /var/run/mysql + chown $mysql_daemon_user:$mysql_daemon_group /var/run/mysql + export TEMPDIR="`cat /var/run/mysql/tmpdir 2> /dev/null`" # Safeguard (relative paths, core dumps..) cd "$basedir" 
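Review bot: The new `--user=*` and `--group=*` arms let the option files set `mysql_daemon_user` and `mysql_daemon_group`, and nothing validates those values before later hunks use them. They appear unquoted in `chown $mysql_daemon_user:$mysql_daemon_group /var/run/mysql` and are spliced into the `grep` patterns that decide whether a directory is safe to use or remove. A value containing whitespace, a glob character or a regex metacharacter changes what those commands operate on or match. After `parse_arguments` returns I would reject anything outside a conservative account-name set, e.g. `case "$mysql_daemon_user$mysql_daemon_group" in ''|*[!A-Za-z0-9_.-]*) rc_failed; rc_status -v; rc_exit;; esac`, and quote the `chown` operand. A numeric id would presumably never match the name column printed by `ls -ld`, so that case is worth confirming too.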
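Review bot: `TEMPDIR` is read from `/var/run/mysql/tmpdir` on the line right after `/var/run/mysql` is handed to the service account, so the path that the `@@ -279` and `@@ -443` hunks pass to `rm -rf` is whatever that account last left in the file. The script presumably runs as root, given the `chown`. The `ls -ld` test in those hunks inspects only the final path component and is a separate step from the removal. I would accept the value only when it has the shape `mktemp` produced, e.g. `case "${TEMPDIR#/var/tmp/mysql.}" in "$TEMPDIR"|*/*) TEMPDIR= ;; esac`. Preferably the state file would also live in a directory the service account cannot write.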
@@ -279,14 +281,15 @@ else rc_status -v && rc_exit # prepare tmp dir - if [ "$TMPDIR" ] && [ -d "$TMPDIR" ] && \ - [ "`ls -ld "$TMPDIR" | grep "^drwx------[[:blank:]]\+[0-9]\+[[:blank:]]\+$mysql_daemon_user[[:blank:]]\+$mysql_daemon_group[[:blank:]]\+.*"`" ]; then - rm -rf "$TMPDIR" + unset TMPDIR + if [ "$TEMPDIR" ] && [ -d "$TEMPDIR" ] && \ + [ "`ls -ld "$TEMPDIR" | grep "^drwx------[\\.\+]\?[[:blank:]]\+[0-9]\+[[:blank:]]\+$mysql_daemon_user[[:blank:]]\+$mysql_daemon_group[[:blank:]]\+.*"`" ]; then + rm -rf "$TEMPDIR" fi - TMPDIR="`mktemp -d -p /var/tmp mysql.XXXXXX | tee /var/run/mysql/tmpdir`" - [ -z "$TMPDIR" ] || chown "$mysql_daemon_user:$mysql_daemon_group" "$TMPDIR" - [ "`ls -ld "$TMPDIR" | grep "^drwx------[[:blank:]]\+[0-9]\+[[:blank:]]\+$mysql_daemon_user[[:blank:]]\+$mysql_daemon_group[[:blank:]]\+.*"`" ] || { - echo "Can't create secure $TMPDIR" + TEMPDIR="`mktemp -d -p /var/tmp mysql.XXXXXX | tee /var/run/mysql/tmpdir`" + [ -z "$TEMPDIR" ] || chown "$mysql_daemon_user:$mysql_daemon_group" "$TEMPDIR" + [ "`ls -ld "$TEMPDIR" | grep "^drwx------[\\.\+]\?[[:blank:]]\+[0-9]\+[[:blank:]]\+$mysql_daemon_user[[:blank:]]\+$mysql_daemon_group[[:blank:]]\+.*"`" ] || { + echo "Can't create secure $TEMPDIR" rc_failed; rc_status -v; rc_exit; } @@ -378,8 +381,9 @@ else fi fi protected="`mktemp -d -p /var/tmp mysql-protected.XXXXXX | tee /var/run/mysql/protecteddir`" + export TMPDIR="$TEMPDIR" [ -z "$protected" ] || chown "$mysql_daemon_user:$mysql_daemon_group" "$protected" - [ "`ls -ld "$protected" | grep "^drwx------[[:blank:]]\+[0-9]\+[[:blank:]]\+$mysql_daemon_user[[:blank:]]\+$mysql_daemon_group[[:blank:]]\+.*"`" ] || { + [ "`ls -ld "$protected" | grep "^drwx------[\\.\+]\?[[:blank:]]\+[0-9]\+[[:blank:]]\+$mysql_daemon_user[[:blank:]]\+$mysql_daemon_group[[:blank:]]\+.*"`" ] || { echo "Can't create secure $protected" | tee -a "$log_upgrade" rc_failed; rc_status -v; rc_exit; } 
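Review bot: The ownership test still parses `ls -ld` output with a `grep` pattern built from `$mysql_daemon_user` and `$mysql_daemon_group`, and the added `[\\.\+]\?` only accounts for the SELinux/ACL marker after the mode column. Comparing the fields directly is exact and needs no regex: `[ "$(stat -c '%a %U %G' "$TEMPDIR" 2>/dev/null)" = "700 $mysql_daemon_user $mysql_daemon_group" ]`. The same test is repeated in the `@@ -378` and `@@ -443` hunks and would be better as one helper function. Separately, `mktemp -d ... | tee /var/run/mysql/tmpdir` discards `mktemp`'s exit status and writes the state file inside a directory owned by the service account. Running `mktemp -d` on its own, checking its status, and only then recording the path is safer. This block sits inside an `else` branch that starts outside the hunk.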
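Review bot: `export TMPDIR="$TEMPDIR"` lands between creating `$protected` and the `chown`/ownership check for it, with no comment saying why `TMPDIR` was unset earlier and is restored here. The same export appears again in the `@@ -419` hunk. I would move it below the verification block so the create, chown and verify steps stay together. A comment along the lines of `# TMPDIR was unset above so mktemp -p /var/tmp is honoured; restore it for the tools run below` would help, though the reason is inferred from the commit message and needs confirming. If nothing between this point and the second export needs `TMPDIR`, one of the two can go. The enclosing block begins outside the hunk.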
@@ -419,6 +423,7 @@ else chmod 640 "$log_upgrade" fi + export TMPDIR="$TEMPDIR" echo -n "Starting service MySQL " @@ -443,9 +448,9 @@ else stop) echo -n "Shutting down service MySQL " kill_mysql - if [ "$TMPDIR" ] && [ -d "$TMPDIR" ] && \ - [ "`ls -ld "$TMPDIR" | grep "^drwx------[[:blank:]]\+[0-9]\+[[:blank:]]\+$mysql_daemon_user[[:blank:]]\+$mysql_daemon_group[[:blank:]]\+.*"`" ]; then - rm -rf "$TMPDIR" + if [ "$TEMPDIR" ] && [ -d "$TEMPDIR" ] && \ + [ "`ls -ld "$TEMPDIR" | grep "^drwx------[\\.\+]\?[[:blank:]]\+[0-9]\+[[:blank:]]\+$mysql_daemon_user[[:blank:]]\+$mysql_daemon_group[[:blank:]]\+.*"`" ]; then + rm -rf "$TEMPDIR" fi # Remember status and be verbose rc_status -v