I would like to propose using PrivateTmp for mysql systemd unit file This should make the use of /tmp directory more secure and avoid users from being able to potentially effect it. http://fedoraproject.org/wiki/Features/ServicesPrivateTmp
The above-linked page says that PrivateTmp currently fails in F-16. Is there an ETA on fixing that? I would prefer to avoid needing a divergence between the F-16 and F-17 unit files.
I will let the systemd guys answer that one.
I believe the note about broken PrivateTmp refers to bug 752540, a fix for which is in F16 updates-testing.
Thanks, I'll plan on doing this in the next mysql turn (probably in a month or so).
I tried this today, and it does not appear that the feature works yet. Attempting to start mysqld fails, with this in /var/log/messages: Feb 26 18:50:54 rh3 mysqld-prepare-db-dir[24635]: Initializing MySQL database Feb 26 18:50:54 rh3 mysqld-prepare-db-dir[24635]: Installing MySQL system tables... Feb 26 18:50:56 rh3 mysqld-prepare-db-dir[24635]: ERROR: 1005 Can't create table 'tmp_db' (errno: 13) Feb 26 18:50:56 rh3 mysqld-prepare-db-dir[24635]: 120226 18:50:56 [ERROR] Aborting and this in /var/log/mysqld.log: 120226 18:50:57 mysqld_safe Starting mysqld daemon with databases from /var/lib/mysql 120226 18:50:57 [Note] Plugin 'FEDERATED' is disabled. 120226 18:50:57 InnoDB: The InnoDB memory heap is disabled 120226 18:50:57 InnoDB: Mutexes and rw_locks use GCC atomic builtins 120226 18:50:57 InnoDB: Compressed tables use zlib 1.2.5 120226 18:50:57 InnoDB: Using Linux native AIO /usr/libexec/mysqld: Can't create/write to file '/tmp/ib9YloSW' (Errcode: 13) 120226 18:50:57 InnoDB: Error: unable to create temporary file; errno: 13 120226 18:50:57 [ERROR] Plugin 'InnoDB' init function returned error. This is on a Fedora 16 machine that's up2date as of a couple days ago, in particular systemd-37-13.fc16.x86_64 systemd-sysv-37-13.fc16.x86_64 systemd-units-37-13.fc16.x86_64 Should I reopen bug #752540, or is this something else?
(In reply to comment #5) > Should I reopen bug #752540, or is this something else? It's likely something else. systemd-37-14.fc16 that is going into updates-testing should fix it (bug 790522).
mysql-5.5.22-1.fc16 has been submitted as an update for Fedora 16. https://admin.fedoraproject.org/updates/mysql-5.5.22-1.fc16
mysql-5.5.22-1.fc15 has been submitted as an update for Fedora 15. https://admin.fedoraproject.org/updates/mysql-5.5.22-1.fc15
mysql-5.5.22-1.fc17 has been submitted as an update for Fedora 17. https://admin.fedoraproject.org/updates/mysql-5.5.22-1.fc17
Package mysql-5.5.22-1.fc17: * should fix your issue, * was pushed to the Fedora 17 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing mysql-5.5.22-1.fc17' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-2012-4912/mysql-5.5.22-1.fc17 then log in and leave karma (feedback).
mysql-5.5.22-1.fc17 has been pushed to the Fedora 17 stable repository. If problems still persist, please make note of it in this bug report.
mysql-5.5.22-1.fc16 has been pushed to the Fedora 16 stable repository. If problems still persist, please make note of it in this bug report.
mysql-5.5.22-1.fc15 has been pushed to the Fedora 15 stable repository. If problems still persist, please make note of it in this bug report.
I've started getting an error starting mysql on Fedora 16, that seems to be related to the change above [root@test ~]# yum install mysql-server [root@test ~]# rpm -qa | grep -i mysql mysql-5.5.22-1.fc16.x86_64 perl-DBD-MySQL-4.019-3.fc16.x86_64 mysql-libs-5.5.22-1.fc16.x86_64 mysql-server-5.5.22-1.fc16.x86_64 [root@test ~]# systemctl start mysqld.service Job failed. See system logs and 'systemctl status' for details. ==> mysqld.log <== 120416 11:05:38 mysqld_safe Starting mysqld daemon with databases from /var/lib/mysql 120416 11:05:38 [Note] Plugin 'FEDERATED' is disabled. 120416 11:05:38 InnoDB: The InnoDB memory heap is disabled 120416 11:05:38 InnoDB: Mutexes and rw_locks use GCC atomic builtins 120416 11:05:38 InnoDB: Compressed tables use zlib 1.2.5 120416 11:05:38 InnoDB: Using Linux native AIO /usr/libexec/mysqld: Can't create/write to file '/tmp/ibtckGft' (Errcode: 13) 120416 11:05:38 InnoDB: Error: unable to create temporary file; errno: 13 120416 11:05:38 [ERROR] Plugin 'InnoDB' init function returned error. 120416 11:05:38 [ERROR] Plugin 'InnoDB' registration as a STORAGE ENGINE failed. 120416 11:05:38 [ERROR] Unknown/unsupported storage engine: InnoDB 120416 11:05:38 [ERROR] Aborting 120416 11:05:38 [Note] /usr/libexec/mysqld: Shutdown complete I've edited the unit file to remove PrivateTmp, after which mysql starts #PrivateTmp=true [root@test ~]# systemctl --system daemon-reload [root@test ~]# systemctl start mysqld.service [root@test ~]# I also did a yum update of systemd and the problem goes away, should there be a dependency on a particular version of systemd in the mysql-server package?
(In reply to comment #14) > I also did a yum update of systemd and the problem goes away, You don't mention the versions of systemd before and after the update, but I suspect the bug went away due to a fix in systemd-37-14: - PrivateTmp permissions (#790522) > should there be a dependency on a particular version of systemd in the > mysql-server package? "Conflicts: systemd < 37-14" could do the trick. But the thing is, we do not test nor encourage selective updates in Fedora. Most packagers just assume you update all packages.
(In reply to comment #15) > (In reply to comment #14) > > I also did a yum update of systemd and the problem goes away, > > You don't mention the versions of systemd before and after the update, but I > suspect the bug went away due to a fix in systemd-37-14: > - PrivateTmp permissions (#790522) Sorry about that, I'm afraid I can't get the version of systemd that I was using (but admittedly it would have been relatively old), It has updated to systemd-37-17 after the yum update. > > should there be a dependency on a particular version of systemd in the > > mysql-server package? > > "Conflicts: systemd < 37-14" could do the trick. > But the thing is, we do not test nor encourage selective updates in Fedora. > Most packagers just assume you update all packages. This is a system where there was no update since it was installed, the problem occurred when I installed mysql. I only selectively updated systemd to see if it would fix the problem I was having. Keeping my system up to date also have avoided the problem but I would have thought installing mysql would update systemd if required.
*** Bug 815812 has been marked as a duplicate of this bug. ***
Note: I looked at adding a versioned Requires: to forestall such problems, but concluded it was probably a bad idea, because the version numbers at which systemd fixed their bug are radically different in F16 and F17.