| Summary: | AVC when first starting mysqld | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Mark McLoughlin <markmc> |
| Component: | selinux-policy-targeted | Assignee: | Miroslav Grepl <mgrepl> |
| Status: | CLOSED ERRATA | QA Contact: | Ben Levenson <benl> |
| Severity: | unspecified | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 17 | CC: | dwalsh, hhorak, tgl |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | selinux-policy-3.10.0-104.fc17 | Doc Type: | Bug Fix |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2012-03-21 18:53:18 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
$ sesearch -A -s mysqld_safe_t -t passwd_file_t.
Found 1 semantic av rules:
allow mysqld_safe_t passwd_file_t : file { ioctl read getattr lock open } ;
$ rpm -q selinux-policy
selinux-policy-3.10.0-97.fc17.noarch
(In reply to comment #0) Possibly unrelated, but --- I don't understand this: > Mar 8 08:35:53 zig mysqld-prepare-db-dir[6557]: cd /usr/mysql-test ; perl mysql-test-run.pl mysqld-prepare-db-dir should not be invoking any such thing. selinux-policy-3.10.0-103.fc17 has been submitted as an update for Fedora 17. https://admin.fedoraproject.org/updates/selinux-policy-3.10.0-103.fc17 Package selinux-policy-3.10.0-104.fc17: * should fix your issue, * was pushed to the Fedora 17 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing selinux-policy-3.10.0-104.fc17' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-2012-4248/selinux-policy-3.10.0-104.fc17 then log in and leave karma (feedback). selinux-policy-3.10.0-104.fc17 has been pushed to the Fedora 17 stable repository. If problems still persist, please make note of it in this bug report. |
On latest Fedora 17 $> rpm -q mysql-server selinux-policy-targeted mysql-server-5.5.21-1.fc17.x86_64 selinux-policy-targeted-3.10.0-95.fc17.noarch $> yum erase mysql-server $> rm -rf /var/lib/mysql $> yum install mysql-server $> systemctl start mysqld.service and in /var/log/messages: Mar 8 08:35:53 zig mysqld-prepare-db-dir[6557]: cd /usr/mysql-test ; perl mysql-test-run.pl Mar 8 08:35:53 zig mysqld-prepare-db-dir[6557]: Please report any problems with the /usr/bin/mysqlbug script! Mar 8 08:35:53 zig kernel: [ 2259.997138] type=1400 audit(1331195753.872:6): avc: denied { read } for pid=6628 comm="mysqld_safe" name="passwd" dev="dm-1" ino=1181848 scontext=system_u:system_r:mysqld_safe_t:s0 tcontext=system_u:object_r:passwd_file_t:s0 tclass=file Mar 8 08:35:53 zig mysqld_safe[6628]: 120308 08:35:53 mysqld_safe Logging to '/var/log/mysqld.log'. Mar 8 08:35:53 zig mysqld_safe[6628]: 120308 08:35:53 mysqld_safe Starting mysqld daemon with databases from /var/lib/mysql