-# This file is intensionally empty to disable apparmor by default for newer
-# versions of MariaDB, while providing seamless upgrade from older versions
-# and from mysql, where apparmor is used.
-#
-# By default, we do not want to have any apparmor profile for the MariaDB
-# server. It does not provide much useful functionality/security, and causes
-# several problems for users who often are not even aware that apparmor
-# exists and runs on their system.
-#
-# Users can modify and maintain their own profile, and in this case it will
-# be used.
-#
-# When upgrading from previous version, users who modified the profile
-# will be promptet to keep or discard it, while for default installs
-# we will automatically disable the profile.
+# vim:syntax=apparmor
+# Last Modified: Tue Feb 09 15:28:30 2016
+#include <tunables/global>
+
+/usr/sbin/mysqld {
+ #include <abstractions/base>
+ #include <abstractions/nameservice>
+ #include <abstractions/user-tmp>
+ #include <abstractions/mysql>
+ #include <abstractions/winbind>
+
+# Allow system resource access
+ /proc/*/status r,
+ /sys/devices/system/cpu/ r,
+ /sys/devices/system/node/ r,
+ /sys/devices/system/node/** r,
+ capability sys_resource,
+ capability dac_override,
+ capability dac_read_search,
+ capability setuid,
+ capability setgid,
+
+# Allow network access
+ network tcp,
+
+ /etc/hosts.allow r,
+ /etc/hosts.deny r,
+
+# Allow config access
+ /etc/mysql/** r,
+
+# Allow pid, socket, socket lock file access
+ /var/run/mysqld/mysqld.pid rw,
+ /var/run/mysqld/mysqld.sock rw,
+ /var/run/mysqld/mysqld.sock.lock rw,
+ /var/run/mysqld/mysqlx.sock rw,
+ /var/run/mysqld/mysqlx.sock.lock rw,
+ /run/mysqld/mysqld.pid rw,
+ /run/mysqld/mysqld.sock rw,
+ /run/mysqld/mysqld.sock.lock rw,
+ /run/mysqld/mysqlx.sock rw,
+ /run/mysqld/mysqlx.sock.lock rw,
+
+# Allow systemd notify messages
+ /{,var/}run/systemd/notify w,
+
+# Allow execution of server binary
+ /usr/sbin/mysqld mr,
+ /usr/sbin/mysqld-debug mr,
+
+# Allow plugin access
+ /usr/lib/mysql/plugin/ r,
+ /usr/lib/mysql/plugin/*.so* mr,
+
+# Allow error msg and charset access
+ /usr/share/mysql/ r,
+ /usr/share/mysql/** r,
+
+# Allow data dir access
+ /var/lib/mysql/ r,
+ /var/lib/mysql/** rwk,
+
+# Allow data files dir access
+ /var/lib/mysql-files/ r,
+ /var/lib/mysql-files/** rwk,
+
+# Allow keyring dir access
+ /var/lib/mysql-keyring/ r,
+ /var/lib/mysql-keyring/** rwk,
+
+# Allow log file access
+ /var/log/mysql.err rw,
+ /var/log/mysql.log rw,
+ /var/log/mysql/ r,
+ /var/log/mysql/** rw,
+
+# Allow read access to mecab files
+ /var/lib/mecab/dic/ipadic-utf8/** r,
+
+# Allow read access to OpenSSL config
+ /etc/ssl/openssl.cnf r,
+ # Site-specific additions and overrides. See local/README for details.
+ #include <local/usr.sbin.mysqld>
+}
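Review bot: The system-resource block grants `capability dac_override` and `capability dac_read_search` without saying why. While mysqld holds them it can ignore file ownership and mode bits, so for rules such as `/etc/mysql/** r` and `/var/lib/mysql-keyring/** rwk` the profile's path list is the only remaining access control. If they are needed only for the root phase before `setuid`/`setgid`, record that above them, e.g. `# dac_*: used while mysqld still runs as root, before it drops privileges (TODO confirm)`. The path rules also assume the default layout, so an instance with its data directory or logs elsewhere would presumably be denied once the profile is enforced and needs an entry in `local/usr.sbin.mysqld`.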
# Provides: mysql
# Required-Start: $remote_fs $syslog
# Required-Stop: $remote_fs $syslog
-# Should-Start: $network $named $time
-# Should-Stop: $network $named $time
+# Should-Start: $network $time
+# Should-Stop: $network $time
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: Start and stop the mysql database server daemon
-# Description: Controls the main MariaDB database server daemon "mysqld"
+# Description: Controls the main MySQL database server daemon "mysqld"
# and its wrapper script "mysqld_safe".
### END INIT INFO
#
set -u
${DEBIAN_SCRIPT_DEBUG:+ set -v -x}
-test -x /usr/sbin/mysqld || exit 0
+test -x /usr/bin/mysqld_safe || exit 0
. /lib/lsb/init-functions
SELF=$(cd $(dirname $0); pwd -P)/$(basename $0)
-
+CONF=/etc/mysql/my.cnf
MYADMIN="/usr/bin/mysqladmin --defaults-file=/etc/mysql/debian.cnf"
-# priority can be overridden and "-s" adds output to stderr
+# priority can be overriden and "-s" adds output to stderr
ERR_LOGGER="logger -p daemon.err -t /etc/init.d/mysql -i"
-if [ -f /etc/default/mysql ]; then
- . /etc/default/mysql
-fi
-
-# Also source default/mariadb in case the installation was upgraded from
-# packages originally installed from MariaDB.org repositories, which have
-# had support for reading /etc/default/mariadb since March 2016.
-if [ -f /etc/default/mariadb ]; then
- . /etc/default/mariadb
-fi
-
# Safeguard (relative paths, core dumps..)
cd /
umask 077
#
# Usage: void mysqld_get_param option
mysqld_get_param() {
- /usr/sbin/mysqld --print-defaults \
- | tr " " "\n" \
- | grep -- "--$1" \
- | tail -n 1 \
- | cut -d= -f2
+ /usr/sbin/mysqld --print-defaults \
+ | tr " " "\n" \
+ | grep -- "--$1" \
+ | tail -n 1 \
+ | cut -d= -f2
}
## Do some sanity checks before even trying to start mysqld.
#
# Usage: boolean mysqld_status [check_alive|check_dead] [warn|nowarn]
mysqld_status () {
- ping_output=`$MYADMIN ping 2>&1`; ping_alive=$(( ! $? ))
-
- ps_alive=0
- pidfile=`mysqld_get_param pid-file`
- if [ -f "$pidfile" ] && ps `cat $pidfile` >/dev/null 2>&1; then ps_alive=1; fi
-
- if [ "$1" = "check_alive" -a $ping_alive = 1 ] ||
- [ "$1" = "check_dead" -a $ping_alive = 0 -a $ps_alive = 0 ]; then
- return 0 # EXIT_SUCCESS
- else
- if [ "$2" = "warn" ]; then
- echo -e "$ps_alive processes alive and '$MYADMIN ping' resulted in\n$ping_output\n" | $ERR_LOGGER -p daemon.debug
+ ping_output=`$MYADMIN ping 2>&1`; ping_alive=$(( ! $? ))
+
+ ps_alive=0
+ pidfile=`mysqld_get_param pid-file`
+ if [ -f "$pidfile" ] && ps `cat $pidfile` >/dev/null 2>&1; then ps_alive=1; fi
+
+ if [ "$1" = "check_alive" -a $ping_alive = 1 ] ||
+ [ "$1" = "check_dead" -a $ping_alive = 0 -a $ps_alive = 0 ]; then
+ return 0 # EXIT_SUCCESS
+ else
+ if [ "$2" = "warn" ]; then
+ echo -e "$ps_alive processes alive and '$MYADMIN ping' resulted in\n$ping_output\n" | $ERR_LOGGER -p daemon.debug
+ fi
+ return 1 # EXIT_FAILURE
fi
- return 1 # EXIT_FAILURE
- fi
}
#
#
case "${1:-''}" in
-
'start')
- sanity_checks;
- # Start daemon
- log_daemon_msg "Starting MariaDB database server" "mysqld"
- if mysqld_status check_alive nowarn; then
- log_progress_msg "already running"
- log_end_msg 0
- else
- # Could be removed during boot
- test -e /var/run/mysqld || install -m 755 -o mysql -g root -d /var/run/mysqld
-
- # Start MariaDB!
- /usr/bin/mysqld_safe "${@:2}" 2>&1 >/dev/null | $ERR_LOGGER &
-
- for i in $(seq 1 "${MYSQLD_STARTUP_TIMEOUT:-30}"); do
- sleep 1
- if mysqld_status check_alive nowarn ; then break; fi
- log_progress_msg "."
- done
- if mysqld_status check_alive warn; then
- log_end_msg 0
- # Now start mysqlcheck or whatever the admin wants.
- output=$(/etc/mysql/debian-start)
- if [ -n "$output" ]; then
- log_action_msg "$output"
- fi
- else
- log_end_msg 1
- log_failure_msg "Please take a look at the syslog"
- fi
- fi
- ;;
+ sanity_checks;
+ # Start daemon
+ log_daemon_msg "Starting MySQL database server" "mysqld"
+ if mysqld_status check_alive nowarn; then
+ log_progress_msg "already running"
+ log_end_msg 0
+ else
+ # Could be removed during boot
+ test -e /var/run/mysqld || install -m 755 -o mysql -g root -d /var/run/mysqld
+
+ # Start MySQL!
+ su - mysql -s /bin/sh -c "/usr/bin/mysqld_safe > /dev/null 2>&1 &"
+
+ # 6s was reported in #352070 to be too few when using ndbcluster
+ # 14s was reported in #736452 to be too few with large installs
+ for i in $(seq 1 30); do
+ sleep 1
+ if mysqld_status check_alive nowarn ; then break; fi
+ log_progress_msg "."
+ done
+ if mysqld_status check_alive warn; then
+ log_end_msg 0
+ # Now start mysqlcheck or whatever the admin wants.
+ output=$(/etc/mysql/debian-start)
+ [ -n "$output" ] && log_action_msg "$output"
+ else
+ log_end_msg 1
+ log_failure_msg "Please take a look at the syslog"
+ fi
+ fi
+ ;;
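Review bot: The new start line `su - mysql -s /bin/sh -c "/usr/bin/mysqld_safe > /dev/null 2>&1 &"` throws away both stdout and stderr, where the removed line piped stderr into `$ERR_LOGGER`. Unless mysqld_safe is configured to log to syslog on its own, a failed start ends at `log_failure_msg "Please take a look at the syslog"` with nothing from the wrapper forwarded there by this script. Keeping the error stream would preserve the audit trail, e.g. `su - mysql -s /bin/sh -c "/usr/bin/mysqld_safe 2>&1 >/dev/null | $ERR_LOGGER &"`. The wait loop is also fixed at `seq 1 30` now, dropping the `MYSQLD_STARTUP_TIMEOUT` override the removed line honoured, and options given after `start` are no longer passed on.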
'stop')
- # * As a passwordless mysqladmin (e.g. via ~/.my.cnf) must be possible
- # at least for cron, we can rely on it here, too. (although we have
- # to specify it explicit as e.g. sudo environments points to the normal
- # users home and not /root)
- log_daemon_msg "Stopping MariaDB database server" "mysqld"
- if ! mysqld_status check_dead nowarn; then
- set +e
- shutdown_out=`$MYADMIN shutdown 2>&1`; r=$?
- set -e
- if [ "$r" -ne 0 ]; then
- log_end_msg 1
- [ "$VERBOSE" != "no" ] && log_failure_msg "Error: $shutdown_out"
- log_daemon_msg "Killing MariaDB database server by signal" "mysqld"
- killall -15 mysqld
- server_down=
- for i in `seq 1 600`; do
- sleep 1
- if mysqld_status check_dead nowarn; then server_down=1; break; fi
- done
- if test -z "$server_down"; then killall -9 mysqld; fi
- fi
- fi
-
- if ! mysqld_status check_dead warn; then
- log_end_msg 1
- log_failure_msg "Please stop MariaDB manually and read /usr/share/doc/mariadb-server-10.3/README.Debian.gz!"
- exit -1
- else
- log_end_msg 0
- fi
- ;;
+ # * As a passwordless mysqladmin (e.g. via ~/.my.cnf) must be possible
+ # at least for cron, we can rely on it here, too. (although we have
+ # to specify it explicit as e.g. sudo environments points to the normal
+ # users home and not /root)
+ log_daemon_msg "Stopping MySQL database server" "mysqld"
+ if ! mysqld_status check_dead nowarn; then
+ set +e
+ shutdown_out=`$MYADMIN shutdown 2>&1`; r=$?
+ set -e
+ if [ "$r" -ne 0 ]; then
+ log_end_msg 1
+ [ "$VERBOSE" != "no" ] && log_failure_msg "Error: $shutdown_out"
+ log_daemon_msg "Killing MySQL database server by signal" "mysqld"
+ killall -15 mysqld
+ server_down=
+ for i in 1 2 3 4 5 6 7 8 9 10; do
+ sleep 1
+ if mysqld_status check_dead nowarn; then server_down=1; break; fi
+ done
+ if test -z "$server_down"; then killall -9 mysqld; fi
+ fi
+ fi
+
+ if ! mysqld_status check_dead warn; then
+ log_end_msg 1
+ log_failure_msg "Please stop MySQL manually and read /usr/share/doc/mysql-server-5.7/README.Debian.gz!"
+ exit -1
+ else
+ log_end_msg 0
+ fi
+ ;;
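Review bot: The fallback wait before `killall -9 mysqld` shrinks from 600 iterations to 10 (`for i in 1 2 3 4 5 6 7 8 9 10; do`), so when `$MYADMIN shutdown` fails the server gets roughly ten seconds after SIGTERM before SIGKILL. A server still flushing at that point is killed mid-write and has to go through crash recovery on the next start; restoring the removed bound, `for i in $(seq 1 600); do`, avoids that. Both signals are also sent by process name, so any other mysqld visible in the same PID namespace is signalled too. The pid file that `mysqld_status` already reads would be a narrower target.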
'restart')
- set +e; $SELF stop; set -e
- shift
- $SELF start "${@}"
- ;;
+ set +e; $SELF stop; set -e
+ $SELF start
+ ;;
'reload'|'force-reload')
- log_daemon_msg "Reloading MariaDB database server" "mysqld"
- $MYADMIN reload
- log_end_msg 0
- ;;
+ log_daemon_msg "Reloading MySQL database server" "mysqld"
+ $MYADMIN reload
+ log_end_msg 0
+ ;;
'status')
- if mysqld_status check_alive nowarn; then
- log_action_msg "$($MYADMIN version)"
- else
- log_action_msg "MariaDB is stopped."
- exit 3
- fi
- ;;
-
- 'bootstrap')
- # Bootstrap the cluster, start the first node
- # that initiates the cluster
- log_daemon_msg "Bootstrapping the cluster" "mysqld"
- $SELF start "${@:2}" --wsrep-new-cluster
- ;;
+ if mysqld_status check_alive nowarn; then
+ log_action_msg "$($MYADMIN version)"
+ else
+ log_action_msg "MySQL is stopped."
+ exit 3
+ fi
+ ;;
*)
- echo "Usage: $SELF start|stop|restart|reload|force-reload|status|bootstrap"
- exit 1
- ;;
+ echo "Usage: $SELF start|stop|restart|reload|force-reload|status"
+ exit 1
+ ;;
esac
+
+# Some success paths end up returning non-zero so exit 0 explicitly. See
+# bug #739846.
+exit 0
#!/bin/bash
-#
-# This script is executed by "/etc/init.d/mysql" on every (re)start.
-#
-# Changes to this file will be preserved when updating the Debian package.
-#
-# NOTE: This file is read only by the traditional SysV init script, not systemd.
-#
-
-source /usr/share/mysql/debian-start.inc.sh
-
-if [ -f /etc/default/mysql ]; then
- . /etc/default/mysql
-fi
-
-MYSQL="/usr/bin/mysql --defaults-file=/etc/mysql/debian.cnf"
-MYADMIN="/usr/bin/mysqladmin --defaults-file=/etc/mysql/debian.cnf"
-# Don't run full mysql_upgrade on every server restart, use --version-check to do it only once
-MYUPGRADE="/usr/bin/mysql_upgrade --defaults-extra-file=/etc/mysql/debian.cnf --version-check"
-MYCHECK="/usr/bin/mysqlcheck --defaults-file=/etc/mysql/debian.cnf"
-MYCHECK_SUBJECT="WARNING: mysqlcheck has found corrupt tables"
-MYCHECK_PARAMS="--all-databases --fast --silent"
-MYCHECK_RCPT="${MYCHECK_RCPT:-root}"
-
-## Checking for corrupt, not cleanly closed (only for MyISAM and Aria engines) and upgrade needing tables.
-
-# The following commands should be run when the server is up but in background
-# where they do not block the server start and in one shell instance so that
-# they run sequentially. They are supposed not to echo anything to stdout.
-# If you want to disable the check for crashed tables comment
-# "check_for_crashed_tables" out.
-# (There may be no output to stdout inside the background process!)
-
-# Need to ignore SIGHUP, as otherwise a SIGHUP can sometimes abort the upgrade
-# process in the middle.
-trap "" SIGHUP
-(
- upgrade_system_tables_if_necessary;
- check_root_accounts;
- check_for_crashed_tables;
-) >&2 &
+# Change to no-op as detailed in
+# https://bugs.launchpad.net/ubuntu/+source/mysql-5.7/+bug/1577712
exit 0
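Review bot: The replacement comment gives only a bug URL, so a reader cannot tell that `upgrade_system_tables_if_necessary`, `check_root_accounts` and `check_for_crashed_tables` no longer run on (re)start. The init script's `start` branch still calls `/etc/mysql/debian-start` and logs its output, which makes the silent no-op easy to overlook. Judging by its name, the root-account check looks security-relevant, so state where these checks happen now. For example: `# No-op: the upgrade, root-account and crashed-table checks are no longer run from here; see the bug below.`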