
- fixed init script to

- work with SELinux (bnc#635645)
  - allow running as different user/group
  - create TMPDIR correctly

OBS-URL: https://build.opensuse.org/package/show/server:database/mariadb?expand=0&rev=37
Michal Hrusecky (old before rename to _miska_) 2011-02-23 15:21:20 +00:00 committed by Git OBS Bridge
parent 1ec736a975
commit fc6e4560f9
2 changed files with 33 additions and 20 deletions


@ -1,3 +1,11 @@
-------------------------------------------------------------------
Wed Feb 23 16:20:02 CET 2011 - mhrusecky@suse.cz
- fixed init script to
- work with SELinux (bnc#635645)
- allow running as different user/group
- create TMPDIR correctly
------------------------------------------------------------------- -------------------------------------------------------------------
Tue Dec 7 11:27:24 CET 2010 - mhrusecky@suse.cz Tue Dec 7 11:27:24 CET 2010 - mhrusecky@suse.cz


@ -1,5 +1,5 @@
#!/bin/bash #!/bin/bash
# Copyright (c) 1995-2010 SuSE Linux AG Nuernberg, Germany. # Copyright (c) 1995-2011 SuSE Linux AG Nuernberg, Germany.
# #
# Author: Lenz Grimmer # Author: Lenz Grimmer
# Maintainer: Michal Hrusecky <mhrusecky@suse.cz> # Maintainer: Michal Hrusecky <mhrusecky@suse.cz>
@ -61,11 +61,13 @@ fi
parse_arguments() { parse_arguments() {
for arg do for arg do
case "$arg" in case "$arg" in
--basedir=*) basedir="`echo "$arg" | sed -e 's/^[^=]*=//'`" ;; --basedir=*) basedir="`echo "$arg" | sed -e 's/^[^=]*=//'`" ;;
--datadir=*) datadir="`echo "$arg" | sed -e 's/^[^=]*=//'`" ;; --datadir=*) datadir="`echo "$arg" | sed -e 's/^[^=]*=//'`" ;;
--pid-file=*) pid_file="`echo "$arg" | sed -e 's/^[^=]*=//'`" ;; --pid-file=*) pid_file="`echo "$arg" | sed -e 's/^[^=]*=//'`" ;;
--socket=*) socket="`echo "$arg" | sed -e 's/^[^=]*=//'`" ;; --socket=*) socket="`echo "$arg" | sed -e 's/^[^=]*=//'`" ;;
--log-error=*) log_error="`echo "$arg" | sed -e 's/^[^=]*=//'`" ;; --log-error=*) log_error="`echo "$arg" | sed -e 's/^[^=]*=//'`" ;;
--user=*) mysql_daemon_user="`echo "$arg" | sed -e 's/^[^=]*=//'`" ;;
--group=*) mysql_daemon_group="`echo "$arg" | sed -e 's/^[^=]*=//'`" ;;
esac esac
done done
} }
@ -251,8 +253,6 @@ else
datadir=/var/lib/mysql datadir=/var/lib/mysql
mysql_daemon_user=mysql mysql_daemon_user=mysql
mysql_daemon_group=mysql mysql_daemon_group=mysql
mkdir -m 755 -p /var/run/mysql
chown $mysql_daemon_user:$mysql_daemon_group /var/run/mysql
pid_file=/var/run/mysql/mysqld.pid pid_file=/var/run/mysql/mysqld.pid
socket=/var/run/mysql/mysql.sock socket=/var/run/mysql/mysql.sock
print_defaults=/usr/bin/my_print_defaults print_defaults=/usr/bin/my_print_defaults
@ -267,7 +267,9 @@ else
log_query="${log_base}-query.log" log_query="${log_base}-query.log"
parse_arguments `$print_defaults $defaults mysqld mysql_server` parse_arguments `$print_defaults $defaults mysqld mysql_server`
export TMPDIR="`cat /var/run/mysql/tmpdir 2> /dev/null`" mkdir -m 755 -p /var/run/mysql
chown $mysql_daemon_user:$mysql_daemon_group /var/run/mysql
export TEMPDIR="`cat /var/run/mysql/tmpdir 2> /dev/null`"
# Safeguard (relative paths, core dumps..) # Safeguard (relative paths, core dumps..)
cd "$basedir" cd "$basedir"
@ -279,14 +281,15 @@ else
rc_status -v && rc_exit rc_status -v && rc_exit
# prepare tmp dir # prepare tmp dir
if [ "$TMPDIR" ] && [ -d "$TMPDIR" ] && \ unset TMPDIR
[ "`ls -ld "$TMPDIR" | grep "^drwx------[[:blank:]]\+[0-9]\+[[:blank:]]\+$mysql_daemon_user[[:blank:]]\+$mysql_daemon_group[[:blank:]]\+.*"`" ]; then if [ "$TEMPDIR" ] && [ -d "$TEMPDIR" ] && \
rm -rf "$TMPDIR" [ "`ls -ld "$TEMPDIR" | grep "^drwx------[\\.\+]\?[[:blank:]]\+[0-9]\+[[:blank:]]\+$mysql_daemon_user[[:blank:]]\+$mysql_daemon_group[[:blank:]]\+.*"`" ]; then
rm -rf "$TEMPDIR"
fi fi
TMPDIR="`mktemp -d -p /var/tmp mysql.XXXXXX | tee /var/run/mysql/tmpdir`" TEMPDIR="`mktemp -d -p /var/tmp mysql.XXXXXX | tee /var/run/mysql/tmpdir`"
[ -z "$TMPDIR" ] || chown "$mysql_daemon_user:$mysql_daemon_group" "$TMPDIR" [ -z "$TEMPDIR" ] || chown "$mysql_daemon_user:$mysql_daemon_group" "$TEMPDIR"
[ "`ls -ld "$TMPDIR" | grep "^drwx------[[:blank:]]\+[0-9]\+[[:blank:]]\+$mysql_daemon_user[[:blank:]]\+$mysql_daemon_group[[:blank:]]\+.*"`" ] || { [ "`ls -ld "$TEMPDIR" | grep "^drwx------[\\.\+]\?[[:blank:]]\+[0-9]\+[[:blank:]]\+$mysql_daemon_user[[:blank:]]\+$mysql_daemon_group[[:blank:]]\+.*"`" ] || {
echo "Can't create secure $TMPDIR" echo "Can't create secure $TEMPDIR"
rc_failed; rc_status -v; rc_exit; rc_failed; rc_status -v; rc_exit;
} }
@ -378,8 +381,9 @@ else
fi fi
fi fi
protected="`mktemp -d -p /var/tmp mysql-protected.XXXXXX | tee /var/run/mysql/protecteddir`" protected="`mktemp -d -p /var/tmp mysql-protected.XXXXXX | tee /var/run/mysql/protecteddir`"
export TMPDIR="$TEMPDIR"
[ -z "$protected" ] || chown "$mysql_daemon_user:$mysql_daemon_group" "$protected" [ -z "$protected" ] || chown "$mysql_daemon_user:$mysql_daemon_group" "$protected"
[ "`ls -ld "$protected" | grep "^drwx------[[:blank:]]\+[0-9]\+[[:blank:]]\+$mysql_daemon_user[[:blank:]]\+$mysql_daemon_group[[:blank:]]\+.*"`" ] || { [ "`ls -ld "$protected" | grep "^drwx------[\\.\+]\?[[:blank:]]\+[0-9]\+[[:blank:]]\+$mysql_daemon_user[[:blank:]]\+$mysql_daemon_group[[:blank:]]\+.*"`" ] || {
echo "Can't create secure $protected" | tee -a "$log_upgrade" echo "Can't create secure $protected" | tee -a "$log_upgrade"
rc_failed; rc_status -v; rc_exit; rc_failed; rc_status -v; rc_exit;
} }
@ -419,6 +423,7 @@ else
chmod 640 "$log_upgrade" chmod 640 "$log_upgrade"
fi fi
export TMPDIR="$TEMPDIR"
echo -n "Starting service MySQL " echo -n "Starting service MySQL "
@ -443,9 +448,9 @@ else
stop) stop)
echo -n "Shutting down service MySQL " echo -n "Shutting down service MySQL "
kill_mysql kill_mysql
if [ "$TMPDIR" ] && [ -d "$TMPDIR" ] && \ if [ "$TEMPDIR" ] && [ -d "$TEMPDIR" ] && \
[ "`ls -ld "$TMPDIR" | grep "^drwx------[[:blank:]]\+[0-9]\+[[:blank:]]\+$mysql_daemon_user[[:blank:]]\+$mysql_daemon_group[[:blank:]]\+.*"`" ]; then [ "`ls -ld "$TEMPDIR" | grep "^drwx------[\\.\+]\?[[:blank:]]\+[0-9]\+[[:blank:]]\+$mysql_daemon_user[[:blank:]]\+$mysql_daemon_group[[:blank:]]\+.*"`" ]; then
rm -rf "$TMPDIR" rm -rf "$TEMPDIR"
fi fi
# Remember status and be verbose # Remember status and be verbose
rc_status -v rc_status -v
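Review bot: The ownership test that gates `rm -rf "$TEMPDIR"` (in the "prepare tmp dir" and `stop` hunks) interpolates `$mysql_daemon_user` and `$mysql_daemon_group` into a grep regex over `ls -ld` output, and with this commit both values can come from `--user=`/`--group=`. A name containing a regex metacharacter such as `.` then matches more loosely than intended, and a numeric ID given in the configuration may never match the name that `ls` prints. The path being tested is read back from `/var/run/mysql/tmpdir`, a file inside a directory the script chowns to the daemon account, so this test is the only check between that file's content and a recursive delete by the init script (presumably running as root). An exact comparison such as `[ "$(stat -c '%a %U %G' "$TEMPDIR")" = "700 $mysql_daemon_user $mysql_daemon_group" ]` would be stricter and would not depend on the SELinux `.` suffix in the mode string; additionally requiring the path to match `/var/tmp/mysql.*` would narrow it further. The relocated `chown $mysql_daemon_user:$mysql_daemon_group /var/run/mysql` should also be quoted like the later chown calls, and the enclosing `else` branch and `case` statement begin outside the visible hunks.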