Chrooting MySQL & MariaDB

How to chroot MySQL and MariaDB on recent Linux systems. This howto is based on Gentoo but should be fairly easy to adapt to any other Linux distribution.

Getting started

Install MySQL or MariaDB and create the basic configuration:

    emerge -av mariadb
    emerge --config mariadb

Setting up the chroot

Assuming you want to install the chroot to /chroot/sql:

    # create necessary directories
    mkdir -p /chroot/sql/{usr/share,tmp,lib,etc,var/lib,var/run/mysqld,var/log/mysql}
    # copy needed system libraries, required for user switching
    cp /lib/{,} /chroot/sql/lib/
    # copy mysql environment files to the chroot, make sure mysql is stopped!
    cp -a /var/lib/mysql /chroot/sql/var/lib/
    cp -a /usr/share/mysql /chroot/sql/usr/share/
    # fix directory permissions
    chown mysql:mysql /chroot/sql/{tmp,var/run/mysqld,var/log/mysql}
    # let mysql know what uid to run as
    grep ^mysql /etc/passwd > /chroot/sql/etc/passwd

Adjusting configuration files

The main part is already done; configuring MySQL is a fast one. In /etc/mysql/my.cnf, add

    chroot = /chroot/sql

to the [mysqld] section. Change

    socket = /var/run/mysqld/mysqld.sock

to

    socket = /chroot/sql/var/run/mysqld/mysqld.sock

in the [client] section.


Actually that’s all there is to do, but the init.d script won’t work any more. Things to take care of: make the init.d script aware of the new pid file location, and maybe make the socket available at the default location for all programs too stupid to rely on the path supplied in your my.cnf. This can easily be fixed through some changes in your /etc/init.d/mysql script. Here is a fixed one (which also allows you to run without a chroot), based on dev-db/mysql-init-scripts-2.0_pre1-r2: modified mysql init script

Sidenote: MySQL/MariaDB installs a useful script called mysql_secure_installation to remove unnecessary accounts and the test database.
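To check a finished setup against the steps above (the two my.cnf entries, a mysql-only passwd inside the chroot, and ownership of the directories mysqld writes to), an audit script like the following can be used. It is an added example, not part of the original howto or of the MySQL/Gentoo tooling; the function names ini_get, fail and check_sql_chroot are hypothetical, and it assumes the directories should be owned by the uid listed for mysql in the chroot's own etc/passwd.

```shell
#!/bin/sh
# Added example: audit a chrooted MySQL/MariaDB setup against this howto's steps.
# Function names and messages are hypothetical, not part of MySQL or Gentoo.

# ini_get FILE SECTION KEY: print the last value of KEY inside [SECTION].
ini_get() {
    awk -F= -v sec="[$2]" -v key="$3" '
        /^[ \t]*\[/ { gsub(/[ \t]/, ""); cur = $0; next }
        cur == sec {
            k = $1; v = $2
            gsub(/[ \t]/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) val = v
        }
        END { print val }' "$1"
}

fail() { echo "FAIL: $*" >&2; rc=1; }

# check_sql_chroot ROOT MYCNF: return 0 if the setup matches, 1 otherwise.
check_sql_chroot() {
    root=$1; cnf=$2; rc=0

    [ "$(ini_get "$cnf" mysqld chroot)" = "$root" ] ||
        fail "[mysqld] chroot is not $root"
    [ "$(ini_get "$cnf" client socket)" = "$root/var/run/mysqld/mysqld.sock" ] ||
        fail "[client] socket does not point into the chroot"

    # The chroot passwd must hold the mysql account and nothing else.
    uid=$(awk -F: '$1 == "mysql" { print $3; exit }' "$root/etc/passwd" 2>/dev/null) || uid=
    [ -n "$uid" ] || fail "no mysql entry in $root/etc/passwd"
    if grep -qv '^mysql:' "$root/etc/passwd" 2>/dev/null; then
        fail "$root/etc/passwd lists accounts other than mysql"
    fi

    # Directories mysqld writes to must exist and belong to that uid.
    for d in tmp var/run/mysqld var/log/mysql; do
        [ -d "$root/$d" ] || { fail "missing $root/$d"; continue; }
        [ -n "$(find "$root/$d" -prune -user "${uid:-mysql}" 2>/dev/null)" ] ||
            fail "$root/$d is not owned by mysql"
    done
    return "$rc"
}

# Run directly as: sh check.sh /chroot/sql /etc/mysql/my.cnf
if [ $# -eq 2 ]; then check_sql_chroot "$1" "$2"; fi
```

Each failed check is reported on stderr, so the script can run after every change to my.cnf or to the chroot tree.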
