Bug 1569356

Summary: fcontext missing for mysqld_safe_helper
Product: Red Hat Software Collections Reporter: Sandeep MJ <sjayapra>
Component: mariadbAssignee: Jakub JanĨo <jjanco>
Status: CLOSED NEXTRELEASE QA Contact: Michal Schorm <mschorm>
Severity: high Docs Contact:
Priority: unspecified    
Version: rh-mariadb101CC: databases-maint, hhorak, jjanco, mmuzila, mschorm, pierre-yves.goubet, sjayapra
Target Milestone: ---   
Target Release: ---   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
: 1623942 1625196 (view as bug list) Environment:
Last Closed: 2019-04-06 19:04:00 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1623942, 1647794    
Bug Blocks: 1625196    

Description Sandeep MJ 2018-04-19 06:52:03 UTC 
Description of problem:

mysqld_safe_helper"  has been added in version 10.1.29-3.el7.x86_64 of rh-mariadb101-mariadb-server package.

The "mysqld_safe" fcontext is properly defined thanks to default contexts present in package "selinux-policy-targeted".

"mysqld_safe_helper" is not part of default contexts. Its context is to be set in rpm post script of package "rh-mariadb101-mariadb-server":
semanage fcontext -a -t mysqld_exec_t /usr/libexec/mysqld_safe_helper >/dev/null 2>&1

Instead of "/usr/libexec/mysqld_safe_helper", it should be "/usr/bin/mysqld_safe_helper". So that, the file has a default context: "bin_t".


Version-Release number of selected component (if applicable):
rh-mariadb101-mariadb-server-10.1.29-3.el7.x86_64.rpm 


Steps to Reproduce:

Looking into the rpm:

# rpm -qlp --scripts rh-mariadb101-mariadb-server-10.1.29-3.el7.x86_64.rpm | grep mysqld_safe_helper
warning: rh-mariadb101-mariadb-server-10.1.29-3.el7.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID fd431d51: NOKEY
semanage fcontext -a -t mysqld_exec_t /usr/libexec/mysqld_safe_helper >/dev/null 2>&1 || :
/opt/rh/rh-mariadb101/root/usr/bin/mysqld_safe_helper
/opt/rh/rh-mariadb101/root/usr/share/man/man1/mysqld_safe_helper.1.gz
 
# rpm -qlp rh-mariadb101-mariadb-server-10.1.29-3.el7.x86_64.rpm | grep mysqld_safe_helper
warning: rh-mariadb101-mariadb-server-10.1.29-3.el7.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID fd431d51: NOKEY
/opt/rh/rh-mariadb101/root/usr/bin/mysqld_safe_helper
/opt/rh/rh-mariadb101/root/usr/share/man/man1/mysqld_safe_helper.1.gz

Actual results:
semanage fcontext -a -t mysqld_exec_t /usr/libexec/mysqld_safe_helper >/dev/null 2>&1 || :


Expected results:
semanage fcontext -a -t mysqld_exec_t /usr/bin/mysqld_safe_helper >/dev/null 2>&1 || :

Additional info:
For the customer, pacemaker is unable to start the mariadb server.
Comment 7 Joe Orton 2019-03-14 11:02:42 UTC 
Red Hat does not currently plan to provide any further changes to this collection in a Red Hat Software Collections update release.

This software collection is nearing the retirement date (May 2019) after which customers are encouraged to upgrade to a later release.

Please contact Red Hat Support if you have further questions, or refer to the support lifecycle page for more information. https://access.redhat.com/support/policy/updates/rhscl/