[debian-mysql] Bug#1123021: Increase the `systemd-analyze security mariadb.service` score from current 8.8
Otto Kekäläinen
otto at debian.org
Mon Dec 15 22:44:19 GMT 2025
Package: mariadb
Version: 1:11.8.5-1
Severity: wishlist
Running `systemd-analyze security mariadb.service` gives a score of 8.8.
Further hardening would be appreciated; for example, with
`CapabilityBoundingSet`.
This domain needs some research, and cross-referencing with that
upstream potentially has already done on the development branch `main`
and what is tracked at jira.mariadb.org. Debian could help upstream
improve the systemd service and security features, and adopt them in
11.8.x until they are fully upstreamed and can be dropped in Debian.
We should avoid adding features in Debian that upstream disagrees on,
as we don't want to maintain divergent features forever.
More information about the pkg-mysql-maint
mailing list