Bug 1203989 - Undefined context for /etc/my.cnf.d/*cnf configuration files in mysql/mariadb
Summary: Undefined context for /etc/my.cnf.d/*cnf configuration files in mysql/mariadb
Keywords:
Status: CLOSED NEXTRELEASE
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy
Version: 23
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
Assignee: Miroslav Grepl
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks: 1203991 1203994
TreeView+ depends on / blocked
 
Reported: 2015-03-20 06:01 UTC by Honza Horak
Modified: 2015-08-26 04:34 UTC (History)
6 users (show)

Fixed In Version: 3.13.1-141.fc23
Doc Type: Bug Fix
Doc Text:
The /etc/my.cnf.d/ directory previously had only the default etc_t SELinux context defined, which was not sufficient. A more specific context for the /etc/my.cnf.d/*cnf configuration files has been added to the mysql SELinux policy, thus fixing this bug.
Clone Of:
: 1203991 (view as bug list)
Environment:
Last Closed: 2015-08-26 04:34:02 UTC
Type: Bug
Embargoed:

Attachments (Terms of Use)

Description Honza Horak 2015-03-20 06:01:10 UTC 
Description of problem:
/etc/my.cnf configuration file for mysql/mariadb has context mysqld_etc_t, but other config files under /etc/my.cnf.d/ have only etc_t.

Version-Release number of selected component (if applicable):
# rpm -q selinux-policy
selinux-policy-3.13.1-105.3.fc21.noarch

Steps to Reproduce:
1. yum install mariadb
2. ls -Z /etc/my.cnf.d/*cnf

Actual results:
#> ls -Z /etc/my.cnf.d/*cnf
-rw-r--r--. root root system_u:object_r:etc_t:s0       /etc/my.cnf.d/client.cnf
-rw-r--r--. root root system_u:object_r:etc_t:s0       /etc/my.cnf.d/mysql-clients.cnf
-rw-r--r--. root root system_u:object_r:etc_t:s0       /etc/my.cnf.d/server.cnf
-rw-r--r--. root root system_u:object_r:etc_t:s0       /etc/my.cnf.d/tokudb.cnf


Expected results:
#> ls -Z /etc/my.cnf.d/*cnf
-rw-r--r--. root root system_u:object_r:mysqld_etc_t:s0       /etc/my.cnf.d/client.cnf
-rw-r--r--. root root system_u:object_r:mysqld_etc_t:s0       /etc/my.cnf.d/mysql-clients.cnf
-rw-r--r--. root root system_u:object_r:mysqld_etc_t:s0       /etc/my.cnf.d/server.cnf
-rw-r--r--. root root system_u:object_r:mysqld_etc_t:s0       /etc/my.cnf.d/tokudb.cnf
Comment 1 Lukas Vrabec 2015-03-23 10:51:11 UTC 
commit 25d9dd1eb7bc41094c9e832a4243db25fe58e374
Author: Lukas Vrabec <lvrabec>
Date:   Mon Mar 23 11:26:14 2015 +0100

    Added label mysqld_etc_t for /etc/my.cnf.d/ dir. BZ(1203989)
Comment 2 Jan Kurik 2015-07-15 14:23:13 UTC 
This bug appears to have been reported against 'rawhide' during the Fedora 23 development cycle.
Changing version to '23'.

(As we did not run this process for some time, it could affect also pre-Fedora 23 development
cycle bugs. We are very sorry. It will help us with cleanup during Fedora 23 End Of Life. Thank you.)

More information and reason for this action is here:
https://fedoraproject.org/wiki/BugZappers/HouseKeeping/Fedora23
Comment 3 Fedora Update System 2015-08-13 08:46:16 UTC 
selinux-policy-3.13.1-141.fc23 has been submitted as an update for Fedora 23.
https://admin.fedoraproject.org/updates/selinux-policy-3.13.1-141.fc23
Comment 4 Fedora Update System 2015-08-15 02:10:18 UTC 
Package selinux-policy-3.13.1-141.fc23:
* should fix your issue,
* was pushed to the Fedora 23 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing selinux-policy-3.13.1-141.fc23'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2015-13450/selinux-policy-3.13.1-141.fc23
then log in and leave karma (feedback).
Comment 5 Fedora Update System 2015-08-26 04:33:56 UTC 
selinux-policy-3.13.1-141.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report.
Note You need to log in before you can comment on or make changes to this bug.