SHA256
1
0
forked from pool/mariadb
mariadb/mariadb@.service

73 lines
2.1 KiB
Desktop File

# It's not recommended to modify this unit file because your changes
# would be overwritten during the package update.
#
# However, there are 2 methods how to customize this unit file:
#
# 1) Copy this unit file from /usr/lib/systemd/system to
# /etc/systemd/system and modify the chosen settings.
#
# 2) Create a directory named mariadb.service.d/ within /etc/systemd/system
# and place a drop-in file name.conf there that only changes the specific
# settings one is interested in.
#
# see systemd.unit(5) for details
#
# Example - increasing of the TimeoutSec= limit
# mkdir /etc/systemd/system/mariadb.service.d
# cat > /etc/systemd/system/mariadb.service.d/timeout.conf << EOF
# [Service]
# TimeoutSec=600
# EOF
[Unit]
Description=MariaDB @VERSION@ database server - %I instance
Documentation=man:mysqld(8)
Documentation=https://mariadb.com/kb/en/library/systemd/
Wants=basic.target
PartOf=mariadb.target
After=basic.target network.target
[Install]
WantedBy=multi-user.target
Alias=mysql.service
[Service]
ExecStartPre=/usr/lib/mysql/mysql-systemd-helper install %i
ExecStartPre=/usr/lib/mysql/mysql-systemd-helper upgrade %i
ExecStart=/usr/lib/mysql/mysql-systemd-helper start %i
Type=notify
User=mysql
Group=mysql
KillSignal=SIGTERM
# Don't want to see an automated SIGKILL ever
SendSIGKILL=no
# Restart crashed server only, on-failure would also restart, for example, when
# my.cnf contains unknown option
Restart=on-abort
RestartSec=5s
# Configures the time to wait for start-up/stop
TimeoutSec=300
# CAP_IPC_LOCK To allow memlock to be used as non-root user
# CAP_DAC_OVERRIDE To allow auth_pam_tool (which is SUID root) to read /etc/shadow when it's chmod 0
# does nothing for non-root, not needed if /etc/shadow is u+r
# CAP_AUDIT_WRITE auth_pam_tool needs it on Debian for whatever reason
CapabilityBoundingSet=CAP_IPC_LOCK CAP_DAC_OVERRIDE CAP_AUDIT_WRITE
# Prevent writes to /usr, /boot, and /etc
ProtectSystem=full
# Prevent accessing /home, /root and /run/user
ProtectHome=true
# Execute pre and post scripts as root, otherwise it does it as User=
PermissionsStartOnly=true
UMask=007