Bug 1584643
Summary: | Unconfined /usr/bin/mysqld | |||
---|---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Honza Horak <hhorak> | |
Component: | community-mysql | Assignee: | Jakub Jančo <jjanco> | |
Status: | CLOSED CURRENTRELEASE | QA Contact: | Fedora Extras Quality Assurance <extras-qa> | |
Severity: | unspecified | Docs Contact: | ||
Priority: | unspecified | |||
Version: | 29 | CC: | hhorak, jstanek, louzaoh, mschorm | |
Target Milestone: | --- | |||
Target Release: | --- | |||
Hardware: | Unspecified | |||
OS: | Unspecified | |||
Whiteboard: | ||||
Fixed In Version: | Doc Type: | If docs needed, set a value | ||
Doc Text: | Story Points: | --- | ||
Clone Of: | ||||
: | 1616258 (view as bug list) | Environment: | ||
Last Closed: | 2018-09-13 19:41:35 UTC | Type: | Bug | |
Regression: | --- | Mount Type: | --- | |
Documentation: | --- | CRM: | ||
Verified Versions: | Category: | --- | ||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | ||
Cloudforms Team: | --- | Target Upstream Version: | ||
Embargoed: | ||||
Bug Depends On: | ||||
Bug Blocks: | 1616258 |
Description
Honza Horak
2018-05-31 11:24:44 UTC
Fixed by this commit: https://src.fedoraproject.org/cgit/rpms/community-mysql.git/commit/?id=d9f9c9c58e04b0386ec9d6af8362c7eb9a4cfea8 This bug appears to have been reported against 'rawhide' during the Fedora 29 development cycle. Changing version to '29'. Currently selinux policy defines type "mysqld_exec_t" for link. # ls -Z /usr/sbin/mysqld system_u:object_r:mysqld_exec_t:s0 /usr/sbin/mysqld This leads to more selinux denials for systemd service. As seen below. time->Mon Aug 20 09:25:46 2018 type=AVC msg=audit(1534771546.671:542): avc: denied { read } for pid=4542 comm="(mysqld)" name="mysqld" dev="vda1" ino=177756 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:mysqld_exec_t:s0 tclass=lnk_file permissive=0 I will revert label to previous "system_u:object_r:bin_t:s0", this "model" is followed by all links in OS and also systemd service works. Fixed since selinux-policy-3.14.2-33 |