Bug 154331

Summary: mysqld fails to start
Product: [Fedora] Fedora Reporter: Jonathan Eskritt <jeskritt>
Component: selinux-policy-targetedAssignee: Daniel Walsh <dwalsh>
Status: CLOSED NOTABUG QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: 3   
Target Milestone: ---   
Target Release: ---   
Hardware: athlon   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2005-04-11 11:03:51 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Jonathan Eskritt 2005-04-10 05:28:10 UTC 
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.6) Gecko/20050323 Firefox/1.0.2 Fedora/1.0.2-1.3.1

Description of problem:
I have 2 FC3 boxes. On one mysqld hasn't started for a while, but I don't use it much so it wasn't a big deal. On my other box, a mythtv box, I patched it today and now it has the exact same problem. mysqld fails to start with the following error (from dmesg):

audit(1113110050.419:0): avc:  denied  { read } for  pid=28304 exe=/usr/libexec/mysqld name=log.0000000001 dev=hda2 ino=377473 scontext=root:system_r:mysqld_t tcontext=system_u:object_r:var_lib_t tclass=file

I've tried restorecon on all the files: 
rpm -qa | grep mysql | xargs rpm -ql > /tmp/files
 cat /tmp/files  | xargs restorecon

but no luck. currently I'm running the mythtv box with selinux disabled but would like to have it reenabled.



Version-Release number of selected component (if applicable):
selinux-policy-targeted-1.17.30-2.94

How reproducible:
Always

Steps to Reproduce:
1. su -
2. service mysqld start

or just restart the machine
  

Actual Results:  Terminal:
service mysqld start
Timeout error occurred trying to start MySQL Daemon.
Starting MySQL:                                            [FAILED]

dmesg:
audit(1113110534.145:0): avc:  denied  { read } for  pid=28523 exe=/usr/libexec/mysqld name=log.0000000001 dev=hda2 ino=377473 scontext=root:system_r:mysqld_t tcontext=system_u:object_r:var_lib_t tclass=file


Expected Results:  mysqld to start

Additional info:
Comment 1 Jonathan Eskritt 2005-04-10 05:34:59 UTC 
The above is from my desktop. The error from the mythtv box is:

audit(1113094517.922:0): avc:  denied  { read } for  pid=8181
exe=/usr/libexec/mysqld name=host.frm dev=hda2 ino=656744
scontext=root:system_r:mysqld_t tcontext=root:object_r:var_lib_t tclass=file

it looks farily similar, but there are some differences. I don't know anything
about selinux so I'm not sure if the differences matter.

Thanks,
Jonathan
Comment 2 Sitsofe Wheeler 2005-04-10 10:16:51 UTC 
I suspect the files (or perhaps directories) that need to be relabelled are not
listed in the mysql RPM because they are files created after the install.

If you want to try a blanket sweep relabel try doing
touch /.autorelabel
then rebooting.
Comment 3 Jonathan Eskritt 2005-04-10 20:13:28 UTC 
That seems to have done the trick. both systems MySQL servers are starting
properly on reboot.

There should be a more covienent/automatic way though than to relabel the whole
FS. Perhaps changes that break a daemon could come with a script to fix things?

Thanks for the help
Jonathan
Comment 4 Daniel Walsh 2005-04-11 11:03:51 UTC 
You should be able to restorecon the files.

I would go to the directories that these files are in 
and run a 
restorecon -R -v /var/lib 

Or something and see if the file context changes.  You should never disable
selinux if you intend to go back, since you will need to relabel it.  You can
run in permissive mode which will allow things to run, until you fix the
labeleing problem.