mirror of
https://github.com/archlinuxarm/PKGBUILDs.git
synced 2024-11-08 22:45:43 +00:00
33 lines
1.2 KiB
Diff
33 lines
1.2 KiB
Diff
|
From 5936f0be4a49eda7b05ea1591bbbba3d72e4d7b9 Mon Sep 17 00:00:00 2001
|
||
|
|
From: Christian Hesse <mail@eworm.de>
|
||
|
|
Date: Fri, 25 Jan 2019 14:50:53 +0100
|
||
|
|
Subject: fix galera_recovery with fs.protected_regular enabled
|
||
|
|
|
||
|
|
The fs.protected_regular sysctls was added in Linux 4.19 to make some
|
||
|
|
data spoofing attacks harder. With systemd v241 these will be enabled
|
||
|
|
by default.
|
||
|
|
|
||
|
|
With this protection enabled galera_recovery fails with EPERM
|
||
|
|
(permission denied). This is caused by a wrong security measure:
|
||
|
|
The script changes ownership of $log_file to $user, though $user never
|
||
|
|
touches it. The shell redirection writes output to the file, not mysqld.
|
||
|
|
So just drop chown to fix this.
|
||
|
|
---
|
||
|
|
scripts/galera_recovery.sh | 3 +--
|
||
|
|
1 file changed, 1 insertion(+), 2 deletions(-)
|
||
|
|
|
||
|
|
diff --git a/scripts/galera_recovery.sh b/scripts/galera_recovery.sh
|
||
|
|
index c58f3d8f6b9..c70decc0005 100644
|
||
|
|
--- a/scripts/galera_recovery.sh
|
||
|
|
+++ b/scripts/galera_recovery.sh
|
||
|
|
@@ -101,8 +101,7 @@ wsrep_recover_position() {
|
||
|
|
|
||
|
|
# Safety checks
|
||
|
|
if [ -n "$log_file" -a -f "$log_file" ]; then
|
||
|
|
- [ "$euid" = "0" ] && chown $user $log_file
|
||
|
|
- chmod 600 $log_file
|
||
|
|
+ chmod 600 $log_file
|
||
|
|
else
|
||
|
|
log "WSREP: mktemp failed"
|
||
|
|
fi
|