diff options
Diffstat (limited to '0005-fix-galera_recovery-with-fs.protected_regular-enabled.patch')
-rw-r--r-- | 0005-fix-galera_recovery-with-fs.protected_regular-enabled.patch | 32 |
1 files changed, 0 insertions, 32 deletions
diff --git a/0005-fix-galera_recovery-with-fs.protected_regular-enabled.patch b/0005-fix-galera_recovery-with-fs.protected_regular-enabled.patch deleted file mode 100644 index f3de571d86a9..000000000000 --- a/0005-fix-galera_recovery-with-fs.protected_regular-enabled.patch +++ /dev/null @@ -1,32 +0,0 @@ -From 5936f0be4a49eda7b05ea1591bbbba3d72e4d7b9 Mon Sep 17 00:00:00 2001 -From: Christian Hesse <mail@eworm.de> -Date: Fri, 25 Jan 2019 14:50:53 +0100 -Subject: fix galera_recovery with fs.protected_regular enabled - -The fs.protected_regular sysctls was added in Linux 4.19 to make some -data spoofing attacks harder. With systemd v241 these will be enabled -by default. - -With this protection enabled galera_recovery fails with EPERM -(permission denied). This is caused by a wrong security measure: -The script changes ownership of $log_file to $user, though $user never -touches it. The shell redirection writes output to the file, not mysqld. -So just drop chown to fix this. ---- - scripts/galera_recovery.sh | 3 +-- - 1 file changed, 1 insertion(+), 2 deletions(-) - -diff --git a/scripts/galera_recovery.sh b/scripts/galera_recovery.sh -index c58f3d8f6b9..c70decc0005 100644 ---- a/scripts/galera_recovery.sh -+++ b/scripts/galera_recovery.sh -@@ -101,8 +101,7 @@ wsrep_recover_position() { - - # Safety checks - if [ -n "$log_file" -a -f "$log_file" ]; then -- [ "$euid" = "0" ] && chown $user $log_file -- chmod 600 $log_file -+ chmod 600 $log_file - else - log "WSREP: mktemp failed" - fi |