I'm going to say "you can't" unless you have no wires connected to your computer (network) and no built-in wifi on the motherboard (SoC abilities).
But really? Rethink your DB. Why do you want a DB that is "un-hackable" that is accessible? That's your problem.
Perhaps you should use a professional db system (where you are not liable) if you "really need it".
MY ADVICE OTHERWISE IS MYSQL is "linux style software". It has changed standards (causing massive loss of time) for users, over the years. Standards that changed included security standards (where past setups become insecure after upgrade). You'd rather run a DB that doesn't hack the premise of your setup (which is that once you set it up it STAYS set up to do what you set up, that your DB scripts don't start throwing errors after upgrade). And which doesn't force you to upgrade to get updated to an incompatible version when you upgrade your OS - the double-gotcha.
Is there such a DB? Well - Ingress (postgres) is somewhat stable as far as standards go (though minor changes were made).
But Oracle I think has some "major solutions" you'd be interested in: and well documented "migration" operations for those upgrading from last version that "need to fix things to work in the new version" (and even support if you pay for it).
SO. You'd be on a Virtual Private Network with anyone having access to DB or have no connectivity at all. One way to insure no connectivity is: you have the source code. Rip it out so that all packets in our out go into the bit bucket then even mysql can't by mistake send an IP packet - assuming mysql doesn't require talking to localhost while operating (which btw is not a secure thing to do, and it might require that).
So really? If semi-secure isn't good enough then don't make mysql your problem. use a professional db (which i am not an authority on as far as which is bets), and follow it's guides and let that be their problem not yours. why is because once you have IP involved it's SUPER complicated to be "right".
My my we haven't even talked file security for a multi-user multi-thread pc (running many apps as root, then also having a desktop running many apps as some user): that's also a problem and mysql doesn't necessarily have "workable" solutions for that either. Jails are not 100% (per say).
As far as "you can tell mysql" to use sockets only? No. "in unix everything is a file", all networking is a socket of some kind already. what kind of socket? netstat -a shows many open sockets. sockets can be connected or piggy-backed, etc, etc.
You should want people to have access to a DB, if it's a system DB then only system uses it (assume that's safe), and if you actually need to give hackers access to DB software then that's a real problem.
ONE METHOD IS THAT YOU NEVER ALLOW ACCESS TO THE DB. what you do is have a (C program) that filters requests and deletes any request that is not "sure to be secure".
Another method is to use a "file database" (one that is NOT network aware, like BerkelyDB (some people are gasping at that advice!)). But you know - files can be piggy backed to sockets and file security. I mean - there is NO WAY you can be sure.
Finally: your hardware (in silicon) may have back doors. You have no idea what's no that silicon - all those chips and boards. So you're really done before you started. You can try. You can keep out micro-agression attacks. But you can only go so far.
Now, if your a bank you might run some "certified DB" by people who are certified. And if it fails you find the perp if there is a perp in your organization who's "certification needs to be pulled". But you eat the losses. And you have systems to prevent "loss" that go beyond a single DB - and yet that's not good enough either, there are losses.
