Bug 306351
Summary: | mysqld is unable to use tmpfs filesystem because of selinux-policy | | |
---|---|---|---|
Product: | Red Hat Enterprise Linux 4 | Reporter: | Roger Pena-Escobio <orkcu> |
Component: | selinux-policy-targeted | Assignee: | Daniel Walsh <dwalsh> |
Status: | CLOSED NOTABUG | CC: | dwalsh |
Severity: | low | Priority: | low |
Version: | 4.5 | Hardware: | noarch |
OS: | Linux | Doc Type: | Bug Fix |
Last Closed: | 2007-09-26 13:38:21 UTC | | |
Description
Roger Pena-Escobio
2007-09-26 02:23:33 UTC
A better solution might be to just label the tmpfs file system as tmp_t.

    chcon -R -t tmp_t /var/tmp4mysql

Or just mount it on /var/tmp/mysql and relabel with a restorecon.

Well, the first solution only works until the next reboot (or umount/mount /var/tmp4linux). The second one does not work at all; it should work if /var/tmp/mysql were a normal directory and not a mount point to a tmpfs, but that is not the case.

Anyway, I could use the first solution and add:

    chcon -R -t tmp_t /var/tmp4mysql

to the mysqld init script, and it will work for mysql anytime. But do you agree that adding this line to the mysql init script is just a workaround to the problem? My scenario is a mysql HA cluster, using RHCS, so any time the service is moved to another node of the cluster (recovering procedure) I will face the problem if I do not modify the mysql init script.

So, is there any good point to not modify the selinux-policy the way I propose? Because I am doing it myself and it looks to work, but I am just a very beginner to the selinux world so I may be making a big mistake.

I will leave the bug closed but I think it should not be.

A better solution would be to use a mount context:

    mount -o fscontext="system_u:object_r:tmp_t" tmpfs /var/tmp4mysql

Not sure if you would use context= or fscontext= or defcontext=. Never quite grasped the difference.

That works, but I was cautious about what Stephen Smalley says in this email: http://www.redhat.com/archives/fedora-selinux-list/2005-March/msg00124.html

If you say it is ok with using fscontext as a mount option, I will go with that. Still don't know why not to change the policy ;-)

You can change the policy, it is just more difficult. Then you have to worry about policy upgrades also.
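
The thread contrasts a chcon label, which lasts only until the next umount/mount, with a mount-context option, which is applied at every mount. The following is an added example, not part of the bug report: a shell check that an fstab-format file carries a SELinux context option naming the expected type for a mount point, so the label can be verified before a reboot or failover. It assumes the mount is defined in such a file; the function names and sample entries are constructed, and only /var/tmp4mysql, tmp_t and the option names come from the thread or mount(8).

```shell
#!/bin/sh
# Constructed sample fstab (not from the bug report).
SAMPLE_FSTAB=$(mktemp)
trap 'rm -f "$SAMPLE_FSTAB"' EXIT
cat > "$SAMPLE_FSTAB" <<'EOF'
# device                 mountpoint       type   options                                      dump pass
/dev/VolGroup00/LogVol00 /                ext3   defaults                                     1 1
tmpfs                    /var/tmp4mysql   tmpfs  size=256m,fscontext=system_u:object_r:tmp_t  0 0
tmpfs                    /var/tmp4other   tmpfs  size=64m                                     0 0
EOF

# selinux_mount_opts FSTAB MOUNTPOINT   (hypothetical helper)
# Prints one "option=context" line per SELinux context option on the entry.
# Returns 1 if MOUNTPOINT has no entry, 2 if the entry has no context option.
# Assumes contexts without commas (no MLS category lists).
selinux_mount_opts() {
    fstab=$1 mnt=$2
    # Field 2 is the mount point, field 4 the comma-separated option list.
    opts=$(awk -v m="$mnt" '$1 !~ /^#/ && $2 == m { print $4; exit }' "$fstab")
    [ -n "$opts" ] || return 1
    # Keep only the SELinux context options; strip optional quotes.
    found=$(printf '%s\n' "$opts" | tr ',' '\n' |
        grep -E '^(context|fscontext|defcontext|rootcontext)=' | tr -d '"')
    [ -n "$found" ] || return 2
    printf '%s\n' "$found"
}

# mount_label_ok FSTAB MOUNTPOINT TYPE   (hypothetical helper)
# Succeeds only if a context option on the entry names SELinux type TYPE
# (third colon-separated field of user:role:type).
mount_label_ok() {
    selinux_mount_opts "$1" "$2" | cut -d= -f2 | cut -d: -f3 | grep -qxF "$3"
}

for m in /var/tmp4mysql /var/tmp4other; do
    if mount_label_ok "$SAMPLE_FSTAB" "$m" tmp_t; then
        echo "$m: labelled tmp_t at mount time"
    else
        echo "$m: no tmp_t mount context; a chcon label is lost on remount"
    fi
done
```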