Fix the "permisison denied" bug properly #260
Conversation
metal3-io-bot
added
the
size/XS
|
/test-integration |
|
/test-integration |
scripts/runmariadb
Outdated
| if [ ! -d "${DATADIR}/mysql" ]; then | ||
| crudini --set "$MARIADB_CONF_FILE" mysqld max_connections 64 | ||
| crudini --set "$MARIADB_CONF_FILE" mysqld max_heap_table_size 1M | ||
| crudini --set "$MARIADB_CONF_FILE" mysqld innodb_buffer_pool_size 5M | ||
| crudini --set "$MARIADB_CONF_FILE" mysqld innodb_log_buffer_size 512K | ||
| crudini --set "$MARIADB_CONF_FILE" mariadb-10.3 skip_log_error # Error log will be redirected to stderr |
There was a problem hiding this comment.
Are you sure the group name is actually "mariadb-10.3", not mysqld as above?
There was a problem hiding this comment.
It should work in both group, I guess. I choose "mariadb-10.3" since in the example they use a similar group. https://mariadb.com/kb/en/error-log/#writing-the-error-log-to-stderr-on-unix.
namnx228
changed the title
metal3-io-bot
added
the
do-not-merge/work-in-progress
|
/test-integration |
namnx228
changed the title
metal3-io-bot
removed
the
do-not-merge/work-in-progress
|
/test-integration |
scripts/runmariadb
Outdated
| if [ ! -d "${DATADIR}/mysql" ]; then | ||
| crudini --set "$MARIADB_CONF_FILE" mysqld max_connections 64 | ||
| crudini --set "$MARIADB_CONF_FILE" mysqld max_heap_table_size 1M | ||
| crudini --set "$MARIADB_CONF_FILE" mysqld innodb_buffer_pool_size 5M | ||
| crudini --set "$MARIADB_CONF_FILE" mysqld innodb_log_buffer_size 512K | ||
|
|
||
| # Error log will be redirected to stderr | ||
| crudini --set "$MARIADB_CONF_FILE" mariadb-10.3 skip_log_error |
There was a problem hiding this comment.
Let's maybe use mysqld so that we're not broken if/when centos updates mariadb?
namnx228
changed the title
metal3-io-bot
added
the
do-not-merge/work-in-progress
namnx228
force-pushed
the
fix-bug-nam
branch
2 times, most recently
from
d75afe5
to
78186ed
Compare
|
@dtantsur I tried to use |
|
/test-integration |
|
/test-integration |
namnx228
changed the title
metal3-io-bot
removed
the
do-not-merge/work-in-progress
@namnx228 have you tried adding the tty group to the mysqld user ? |
I haven't tried it. However, do we have a specific reason to avoid using root user here? I know that in general, root should not be used, but in this case, I have a feeling that using root doesn't cause any troubles. |
in general we should always adhere to the principle of least privilege, or do our best to |
namnx228
force-pushed
the
fix-bug-nam
branch
3 times, most recently
from
3f3d76b
to
de44d7d
Compare
|
@elfosardo I have tried to add |
|
/test-integration |
|
@namnx228 could you please provide the steps you used to do the test? |
This is the commit that I push to test the tty group: 3f3d76b |
|
/test-integration |
|
@elfosardo The CI test fails because of the the same error. |
|
/test-integration |
|
/approve Root inside a container doesn't give a potential attacker much, so I think we're fine with that. |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: dtantsur, namnx228 The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
metal3-io-bot
added
the
approved
|
/retest |
|
/retest |
|
/test-integration |
|
/test-integration |
|
/test-integration |
Drop unused ipxe.efi
Issue: For some reason the script mysqld_safe_helper is used to run mysqld. This script runs with
--user=mysqland--log-error=/var/log/mariadb/mariadb.log. This causes thepermisison deniederror because user mysql tries to write to/var/log/mariadb/mariadb.logwhich, in this repo, is a symlink of root's stdout.Error message:
/usr/bin/mysqld_safe_helper: Can't create/write to file '/var/log/mariadb/mariadb.log' (Errcode: 13 "Permission denied")This PR solves the problem by removing the symlink hack and make the error log go to stdout in a proper way.