gentoo resync : 14.07.2018

1 files changed, 45 insertions, 0 deletions

diff --git a/dev-db/mysql-init-scripts/files/mysqld_at-v2.service b/dev-db/mysql-init-scripts/files/mysqld_at-v2.service
new file mode 100644
index 000000000000..26964ea8a768
--- /dev/null
+++ b/dev-db/mysql-init-scripts/files/mysqld_at-v2.service
@@ -0,0 +1,45 @@
+[Unit]
+Description=MySQL database server
+ConditionPathExists=/etc/mysql/my%I.cnf
+After=network.target
+
+[Service]
+Type=simple
+User=mysql
+Group=mysql
+
+# Note: we set --basedir to prevent probes that might trigger SELinux alarms,
+# https://bugzilla.redhat.com/show_bug.cgi?id=547485
+ExecStart=/usr/sbin/mysqld --defaults-file=/etc/mysql/my%I.cnf --basedir=/usr
+ExecStartPost=/usr/libexec/mysqld-wait-ready $MAINPID
+
+# Give a reasonable amount of time for the server to start up/shut down
+TimeoutSec=300
+
+# Restart crashed server only, on-failure would also restart, for example, when
+# my.cnf contains unknown option
+Restart=on-abort
+RestartSec=5s
+
+# Place temp files in a secure directory, not /tmp
+PrivateTmp=true
+
+# To allow memlock to be used as non-root user if set in configuration
+CapabilityBoundingSet=CAP_IPC_LOCK
+
+# Prevent writes to /usr, /boot, and /etc
+ProtectSystem=full
+
+# Currently has issues with SELinux https://jira.mariadb.org/browse/MDEV-10404
+# This is safe to uncomment when not using SELinux
+#NoNewPrivileges=true
+
+PrivateDevices=true
+
+# Prevent accessing /home, /root and /run/user
+ProtectHome=true
+
+UMask=007
+
+[Install]
+WantedBy=multi-user.target