1# Last Modified: Thu Mar  7 21:58:51 2013
2# Based on usr.sbin.mysqld packaged in mysql-server in Ubuntu.
3# For Percona Server and Percona XtraDB Cluster
4
5#include <tunables/global>
6
7/usr/sbin/mysqld flags=(complain) {
8  #include <abstractions/base>
9  #include <abstractions/mysql>
10  #include <abstractions/nameservice>
11  #include <abstractions/user-tmp>
12  #include <abstractions/winbind>
13  #include <local/usr.sbin.mysqld>
14
15
16  capability chown,
17  capability dac_override,
18  capability setgid,
19  capability setuid,
20  capability sys_rawio,
21  capability sys_resource,
22
23  network tcp,
24
25
26  /dev/dm-0 r,
27  /etc/group r,
28  /etc/gai.conf r,
29  /etc/hosts.allow r,
30  /etc/hosts.deny r,
31  /etc/ld.so.cache r,
32  /etc/mtab r,
33  /etc/my.cnf r,
34  /etc/mysql/*.cnf r,
35  /etc/mysql/*.pem r,
36  /etc/mysql/conf.d/ r,
37  /etc/mysql/conf.d/* r,
38  /etc/nsswitch.conf r,
39  /etc/passwd r,
40  /etc/services r,
41  /run/mysqld/mysqld.pid w,
42  /run/mysqld/mysqld.sock w,
43  /sys/devices/system/cpu/ r,
44  owner /tmp/** lk,
45  /tmp/** rw,
46  /usr/lib/mysql/plugin/ r,
47  /usr/lib/mysql/plugin/*.so* mr,
48  /usr/sbin/mysqld mr,
49  /usr/share/mysql/** r,
50  /var/lib/mysql/ r,
51  /var/lib/mysql/** rwk,
52  /var/log/mysql.err rw,
53  /var/log/mysql.log rw,
54  /var/log/mysql/ r,
55  /var/log/mysql/* rw,
56  /var/run/mysqld/mysqld.pid w,
57  /var/run/mysqld/mysqld.sock w,
58
59  # Site-specific additions and overrides. See local/README for details.
60  #include <local/usr.sbin.mysqld>
61}
62