8925877dc8
Combined AmbientCapabilities and CapabilityBoundingSet configuration within a service file we have found by testing aren't supported in the systemd v245 (Ubuntu 20.04) and v239 (RHEL8) for non-root users. This resulted in a service start error EXIT_CAPABILITIES, a systemd limitation of the version that we cannot work around consequences. The systemd version 247 these combined capabilities have been tested to work on Debian 11. No other supported major distros run systemd version 246, and if they did, the missing capability of CAP_IPC_LOCK won't be noticed as it was a convenience for --memlock users. As such we disable the AmbientCapabilites for CAP_IPC_LOCK rather that disabling the CapabilityBoundingSet, because doing the later will disable authentication for MariaDB users that have configured PAM with MariaDB. Should a user require CAP_IPC_LOCK they can append in their own systemd overlay file this configuration in the CapabilityBoundingSet and configure the capability file attributes on the mariadbd executable to have the IPC_LOCK capability. This isn't configured by default as the presence of a capability in the MariaDB Server is detected by openssl libraries as "insecure" which will then ignore any user configured TLS configuration file passed though by the OPENSSL_CONF environment variable.
Code status:
ci.appveyor.com
MariaDB: The innovative open source database
MariaDB was designed as a drop-in replacement of MySQL(R) with more features, new storage engines, fewer bugs, and better performance.
MariaDB is brought to you by the MariaDB Foundation and the MariaDB Corporation. Please read the CREDITS file for details about the MariaDB Foundation, and who is developing MariaDB.
MariaDB is developed by many of the original developers of MySQL who now work for the MariaDB Corporation, the MariaDB Foundation and by many people in the community.
MySQL, which is the base of MariaDB, is a product and trademark of Oracle Corporation, Inc. For a list of developers and other contributors, see the Credits appendix. You can also run 'SHOW authors' to get a list of active contributors.
A description of the MariaDB project and a manual can be found at:
https://mariadb.com/kb/en/mariadb-vs-mysql-features/
https://mariadb.com/kb/en/mariadb-versus-mysql-compatibility/
https://mariadb.com/kb/en/new-and-old-releases/
Getting the code, building it and testing it
Refer to the following guide: https://mariadb.org/get-involved/getting-started-for-developers/get-code-build-test/ which outlines how to build the source code correctly and run the MariaDB testing framework, as well as which branch to target for your contributions.
Help
More help is available from the Maria Discuss mailing list https://lists.mariadb.org/postorius/lists/discuss.lists.mariadb.org/ and MariaDB's Zulip instance, https://mariadb.zulipchat.com/
Licensing
MariaDB is specifically available only under version 2 of the GNU General Public License (GPLv2). (I.e. Without the "any later version" clause.) This is inherited from MySQL. Please see the README file in the MySQL distribution for more information.
License information can be found in the COPYING file. Third party license information can be found in the THIRDPARTY file.
Bug Reports
Bug and/or error reports regarding MariaDB should be submitted at: https://jira.mariadb.org
For reporting security vulnerabilities see: https://mariadb.org/about/security-policy/
The code for MariaDB, including all revision history, can be found at: https://github.com/MariaDB/server