Bug 143887
Summary: | mysqld can't append to /var/log/mysqld.log due to selinux | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Ed van Gasteren <ed> |
Component: | mysql | Assignee: | Tom Lane <tgl> |
Status: | CLOSED ERRATA | QA Contact: | David Lawrence <dkl> |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | 3 | CC: | hhorak |
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2005-03-21 22:06:04 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Ed van Gasteren
2004-12-31 17:48:19 UTC
In bugzilla enry id=141062 selinux is enabled and disabled using setenforce. But that is like cracking a nut with a sledgehammer. It can be done more fine grain for mysqld only with "system-config-securitylevel" on the "SELinux" tab under "SELinux Service Protection" by selecting the "Disable SELinux protection for mysqld deamon". I looked a bit further into the suggestion of bugzilla entry id=141062 to use "restorecon". After using it on /var/log/mysqld.log the original problem was gone, even with SELinux fully enabled. So there is a workaround (Disable SELinux protection for mysqld deamon) and a fix (restorecon /var/log/mysqld.log). But the problem still needs to be solved. The way that /var/log/mysqld.log is created and gets its security credentials needs to be changed (in the RPM scripts, probably). This is already repaired in development tip, by doing this just after the chown/chmod of the error log file: [ -x /sbin/restorecon ] && /sbin/restorecon "$errlogfile" However I have been hoping to resolve what's happening in bug #141062 before releasing another FC3 update. There seems to be some factor involved there that I can't reproduce :-( I've pushed out this fix for FC3 in mysql-3.23.58-14. It will need to be patched in RHEL4 as well. This is now fixed in a pending RHEL4 update. |