[Unit] Description=MySQL database server ConditionPathExists=/etc/mysql/my%I.cnf After=network.target [Service] Type=simple User=mysql Group=mysql # Note: we set --basedir to prevent probes that might trigger SELinux alarms, # https://bugzilla.redhat.com/show_bug.cgi?id=547485 ExecStart=/usr/sbin/mysqld --defaults-file=/etc/mysql/my%I.cnf --basedir=/usr ExecStartPost=/usr/libexec/mysqld-wait-ready $MAINPID # Give a reasonable amount of time for the server to start up/shut down TimeoutSec=300 # Restart crashed server only, on-failure would also restart, for example, when # my.cnf contains unknown option Restart=on-abort RestartSec=5s # Place temp files in a secure directory, not /tmp PrivateTmp=true # To allow memlock to be used as non-root user if set in configuration CapabilityBoundingSet=CAP_IPC_LOCK # Prevent writes to /usr, /boot, and /etc ProtectSystem=full # Currently has issues with SELinux https://jira.mariadb.org/browse/MDEV-10404 # This is safe to uncomment when not using SELinux #NoNewPrivileges=true PrivateDevices=true # Prevent accessing /home, /root and /run/user ProtectHome=true UMask=007 [Install] WantedBy=multi-user.target