I want to be clear: this is *obviously absurd*. There's no way you'd release with a bug like this, even with unconfined disabled. Something must be wonky on my system. But I don't know a better way to contact y'all, so... I'm running a host with unconfined disabled as I mentioned. I have *just* upgraded to F21, and rebooted, and did a restorecon -R / , and now neither mariadb nor postgresql can write their logs or databases! Here's the audit2allow -R: rlpowell@morji> cat /tmp/avcs_mysql| audit2allow -R require { type mysqld_db_t; type mysqld_log_t; type init_t; class dir { write add_name }; class file { setattr read create write getattr open }; } #============= init_t ============== allow init_t mysqld_db_t:file { read getattr open }; allow init_t mysqld_log_t:dir { write add_name }; allow init_t mysqld_log_t:file { write getattr open create setattr }; antivirus_domain_template(init_t) rlpowell@morji> cat /tmp/avcs_psql | audit2allow -R require { type postgresql_db_t; type init_t; class file { read getattr open }; } #============= init_t ============== allow init_t postgresql_db_t:file { read getattr open }; The AVCs are at http://paste.fedoraproject.org/218910/90472814 and http://paste.fedoraproject.org/218911/04743143 Help?
What does # ps -efZ |grep mariadb It looks it could come from unit files?
rlpowell@morji> ps -efZ |grep mariadb system_u:system_r:mysqld_t:s0 mysql 3914 3746 3 May06 ? 05:18:56 /usr/libexec/mysqld --basedir=/usr --datadir=/var/lib/mysql --plugin-dir=/usr/lib64/mysql/plugin --log-error=/var/log/mariadb/mariadb.log --pid-file=/var/run/mariadb/mariadb.pid --socket=/var/lib/mysql/mysql.sock --port=3306
I'm not sure if that question about unit files was a question I was supposed to answer?
Any thoughts here? Having a Fedora upgrade completely break my system is frustrating.
In case it helps: rlpowell@morji> find /lib/systemd | grep -i maria | xargs ls -lZ -rw-r--r--. root root staff_u:object_r:mysqld_unit_file_t:s0 /lib/systemd/system/mariadb.service -rw-r--r--. root root staff_u:object_r:mysqld_unit_file_t:s0 /lib/systemd/system/mariadb.service.d/mysql-compat.conf /lib/systemd/system/mariadb.service.d: -rw-r--r--. root root staff_u:object_r:mysqld_unit_file_t:s0 mysql-compat.conf rlpowell@morji> find /lib/systemd | grep -i mysql | xargs ls -lZ -rw-r--r--. root root staff_u:object_r:mysqld_unit_file_t:s0 /lib/systemd/system/mariadb.service.d/mysql-compat.conf -rw-r--r--. root root staff_u:object_r:mysqld_unit_file_t:s0 /lib/systemd/system/mysqld.service rlpowell@morji> find /lib/systemd | grep -i post | xargs ls -lZ -rw-r--r--. root root system_u:object_r:systemd_unit_file_t:s0 /lib/systemd/system/postgresql.service rlpowell@morji>
Upgraded to F22 and did a big reinstall: Reinstalled: libselinux.x86_64 2.3-10.fc22 libselinux-python.x86_64 2.3-10.fc22 libselinux-ruby.x86_64 2.3-10.fc22 libselinux-utils.x86_64 2.3-10.fc22 mariadb.x86_64 1:10.0.19-2.fc22 mariadb-common.x86_64 1:10.0.19-2.fc22 mariadb-config.x86_64 1:10.0.19-2.fc22 mariadb-errmsg.x86_64 1:10.0.19-2.fc22 mariadb-libs.x86_64 1:10.0.19-2.fc22 mariadb-server.x86_64 1:10.0.19-2.fc22 postgresql.x86_64 9.4.3-1.fc22 postgresql-libs.x86_64 9.4.3-1.fc22 postgresql-server.x86_64 9.4.3-1.fc22 postgresql-upgrade.x86_64 9.4.3-1.fc22 rpm-plugin-selinux.x86_64 4.12.0.1-9.fc22 selinux-policy.noarch 3.13.1-128.1.fc22 selinux-policy-devel.noarch 3.13.1-128.1.fc22 selinux-policy-doc.noarch 3.13.1-128.1.fc22 selinux-policy-targeted.noarch 3.13.1-128.1.fc22 systemd.x86_64 219-18.fc22 systemd-compat-libs.x86_64 219-18.fc22 systemd-journal-gateway.x86_64 219-18.fc22 systemd-libs.x86_64 219-18.fc22 systemd-python.x86_64 219-18.fc22 -- and it seems to be fine now. No idea what the hell.
Aaaand now it's back again: type=AVC msg=audit(06/22/2015 22:23:25.776:4296) : avc: denied { getattr } for pid=1839 comm=mysql-prepare-d path=/var/log/mariadb/mariadb.log dev="vda2" ino=655783 scontext=system_u:system_r:init_t:s0 t context=system_u:object_r:mysqld_log_t:s0 tclass=file permissive=0 And my entire database system is once again broken. What is going *on*?
More detail: type=AVC msg=audit(06/22/2015 22:28:23.928:5882) : avc: denied { write } for pid=2128 comm=touch name=mariadb.log dev="vda2" ino=655783 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:mysqld_log_t:s0 tclass=file permissive=0 type=AVC msg=audit(06/22/2015 22:28:23.928:5883) : avc: denied { write } for pid=2128 comm=touch name=mariadb.log dev="vda2" ino=655783 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:mysqld_log_t:s0 tclass=file permissive=0 type=AVC msg=audit(06/22/2015 22:28:23.930:5885) : avc: denied { getattr } for pid=2099 comm=mysql-prepare-d path=/var/log/mariadb/mariadb.log dev="vda2" ino=655783 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:mysqld_log_t:s0 tclass=file permissive=0 Jun 22 22:28:29 morji.digitalkingdom.org systemd[1]: Starting MariaDB 10.0 database server... Jun 22 22:28:29 morji.digitalkingdom.org mysql-prepare-db-dir[2192]: touch: cannot touch '/var/log/mariadb/mariadb.log': Permission denied Jun 22 22:28:29 morji.digitalkingdom.org mysql-prepare-db-dir[2192]: The log file /var/log/mariadb/mariadb.log could not be created. Jun 22 22:28:29 morji.digitalkingdom.org mysql-prepare-db-dir[2192]: The daemon will be run under mysql:mysql Jun 22 22:28:29 morji.digitalkingdom.org systemd[1]: mariadb.service: control process exited, code=exited status=1 Jun 22 22:28:29 morji.digitalkingdom.org systemd[1]: Failed to start MariaDB 10.0 database server. Jun 22 22:28:29 morji.digitalkingdom.org systemd[1]: Unit mariadb.service entered failed state. Jun 22 22:28:29 morji.digitalkingdom.org systemd[1]: mariadb.service failed.
And here's a test with setenforce 0: type=AVC msg=audit(06/22/2015 22:29:41.433:6210) : avc: denied { connectto } for pid=2578 comm=mysqladmin path=/var/lib/mysql/mysql.sock scontext=system_u:system_r:init_t:s0 tcontext=system_u:system_r:mysqld_t:s0 tclass=unix_stream_socket permissive=1 type=AVC msg=audit(06/22/2015 22:29:41.433:6210) : avc: denied { write } for pid=2578 comm=mysqladmin name=mysql.sock dev="vda2" ino=359 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:mysqld_var_run_t:s0 tclass=sock_file permissive=1 type=AVC msg=audit(06/22/2015 22:29:42.504:6227) : avc: denied { getattr } for pid=2581 comm=mysql-check-upg path=/var/lib/mysql/mysql_upgrade_info dev="vda2" ino=758 scontext=system_u:system_r:init_t:s0 tcontext=staff_u:object_r:mysqld_db_t:s0 tclass=file permissive=1 type=AVC msg=audit(06/22/2015 22:29:42.505:6228) : avc: denied { read } for pid=2581 comm=mysql-check-upg name=mysql_upgrade_info dev="vda2" ino=758 scontext=system_u:system_r:init_t:s0 tcontext=staff_u:object_r:mysqld_db_t:s0 tclass=file permissive=1 type=AVC msg=audit(06/22/2015 22:29:42.508:6231) : avc: denied { open } for pid=2605 comm=cat path=/var/lib/mysql/mysql_upgrade_info dev="vda2" ino=758 scontext=system_u:system_r:init_t:s0 tcontext=staff_u:object_r:mysqld_db_t:s0 tclass=file permissive=1 type=AVC msg=audit(06/22/2015 22:29:50.081:6338) : avc: denied { open } for pid=2732 comm=touch path=/var/log/mariadb/mariadb.log dev="vda2" ino=655783 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:mysqld_log_t:s0 tclass=file permissive=1 type=AVC msg=audit(06/22/2015 22:29:50.081:6338) : avc: denied { write } for pid=2732 comm=touch name=mariadb.log dev="vda2" ino=655783 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:mysqld_log_t:s0 tclass=file permissive=1 type=AVC msg=audit(06/22/2015 22:29:50.084:6340) : avc: denied { getattr } for pid=2733 comm=chown path=/var/log/mariadb/mariadb.log dev="vda2" ino=655783 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:mysqld_log_t:s0 tclass=file permissive=1 type=AVC msg=audit(06/22/2015 22:29:50.084:6341) : avc: denied { setattr } for pid=2733 comm=chown name=mariadb.log dev="vda2" ino=655783 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:mysqld_log_t:s0 tclass=file permissive=1 type=AVC msg=audit(06/22/2015 22:29:52.167:6439) : avc: denied { connectto } for pid=2951 comm=mysqladmin path=/var/lib/mysql/mysql.sock scontext=system_u:system_r:init_t:s0 tcontext=system_u:system_r:mysqld_t:s0 tclass=unix_stream_socket permissive=1 type=AVC msg=audit(06/22/2015 22:29:52.167:6439) : avc: denied { write } for pid=2951 comm=mysqladmin name=mysql.sock dev="vda2" ino=359 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:mysqld_var_run_t:s0 tclass=sock_file permissive=1 type=AVC msg=audit(06/22/2015 22:29:52.211:6456) : avc: denied { getattr } for pid=2954 comm=mysql-check-upg path=/var/lib/mysql/mysql_upgrade_info dev="vda2" ino=758 scontext=system_u:system_r:init_t:s0 tcontext=staff_u:object_r:mysqld_db_t:s0 tclass=file permissive=1 type=AVC msg=audit(06/22/2015 22:29:52.211:6457) : avc: denied { read } for pid=2954 comm=mysql-check-upg name=mysql_upgrade_info dev="vda2" ino=758 scontext=system_u:system_r:init_t:s0 tcontext=staff_u:object_r:mysqld_db_t:s0 tclass=file permissive=1 type=AVC msg=audit(06/22/2015 22:29:52.213:6460) : avc: denied { open } for pid=2977 comm=cat path=/var/lib/mysql/mysql_upgrade_info dev="vda2" ino=758 scontext=system_u:system_r:init_t:s0 tcontext=staff_u:object_r:mysqld_db_t:s0 tclass=file permissive=1 type=AVC msg=audit(06/22/2015 22:30:16.476:6565) : avc: denied { open } for pid=3105 comm=touch path=/var/log/mariadb/mariadb.log dev="vda2" ino=655783 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:mysqld_log_t:s0 tclass=file permissive=1 type=AVC msg=audit(06/22/2015 22:30:16.476:6565) : avc: denied { write } for pid=3105 comm=touch name=mariadb.log dev="vda2" ino=655783 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:mysqld_log_t:s0 tclass=file permissive=1 type=AVC msg=audit(06/22/2015 22:30:16.479:6567) : avc: denied { getattr } for pid=3106 comm=chown path=/var/log/mariadb/mariadb.log dev="vda2" ino=655783 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:mysqld_log_t:s0 tclass=file permissive=1 type=AVC msg=audit(06/22/2015 22:30:16.479:6568) : avc: denied { setattr } for pid=3106 comm=chown name=mariadb.log dev="vda2" ino=655783 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:mysqld_log_t:s0 tclass=file permissive=1 type=AVC msg=audit(06/22/2015 22:30:16.504:6571) : avc: denied { noatsecure } for pid=3110 comm=mysqld_safe scontext=system_u:system_r:init_t:s0 tcontext=system_u:system_r:mysqld_safe_t:s0 tclass=process permissive=1
More information: 1. rlpowell@morji> sudo ls -lZ /var/log/mariadb/mariadb.log -rw-r-----. 1 mysql mysql system_u:object_r:mysqld_log_t:s0 73403 Jun 22 23:35 /var/log/mariadb/mariadb.log rlpowell@morji> 2. If I enable the unconfined module, these issues *do* go away. So, it looks like this may actually be a real issue, and not just something insane on my system. 3. The postgres side of things: type=AVC msg=audit(06/22/2015 23:46:32.558:25479) : avc: denied { noatsecure } for pid=17302 comm=sudo scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_sudo_t:s0 tclass=process permissive=1 type=AVC msg=audit(06/22/2015 23:46:32.558:25479) : avc: denied { siginh } for pid=17302 comm=sudo scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_sudo_t:s0 tclass=process permissive=1 type=AVC msg=audit(06/22/2015 23:46:32.558:25479) : avc: denied { rlimitinh } for pid=17302 comm=sudo scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_sudo_t:s0 tclass=process permissive=1 type=AVC msg=audit(06/22/2015 23:46:32.573:25482) : avc: denied { net_admin } for pid=17302 comm=sudo capability=net_admin scontext=staff_u:staff_r:staff_sudo_t:s0 tcontext=staff_u:staff_r:staff_sudo_t:s0 tclass=capability permissive=1 type=AVC msg=audit(06/22/2015 23:46:32.577:25483) : avc: denied { write } for pid=17302 comm=sudo path=/run/systemd/sessions/1.ref dev="tmpfs" ino=18006 scontext=staff_u:staff_r:staff_sudo_t:s0 tcontext=system_u:object_r:systemd_logind_sessions_t:s0 tclass=fifo_file permissive=1 type=AVC msg=audit(06/22/2015 23:46:32.581:25486) : avc: denied { noatsecure } for pid=17303 comm=sesh scontext=staff_u:staff_r:staff_sudo_t:s0 tcontext=staff_u:unconfined_r:unconfined_t:s0 tclass=process permissive=1 type=AVC msg=audit(06/22/2015 23:46:32.581:25486) : avc: denied { siginh } for pid=17303 comm=sesh scontext=staff_u:staff_r:staff_sudo_t:s0 tcontext=staff_u:unconfined_r:unconfined_t:s0 tclass=process permissive=1 type=AVC msg=audit(06/22/2015 23:46:32.581:25486) : avc: denied { rlimitinh } for pid=17303 comm=sesh scontext=staff_u:staff_r:staff_sudo_t:s0 tcontext=staff_u:unconfined_r:unconfined_t:s0 tclass=process permissive=1 type=AVC msg=audit(06/22/2015 23:46:32.651:25504) : avc: denied { getattr } for pid=17320 comm=postgresql-chec path=/var/lib/pgsql/data/PG_VERSION dev="vda2" ino=532543 scontext=system_u:system_r:init_t:s0 tcontext=staff_u:object_r:postgresql_db_t:s0 tclass=file permissive=1 type=AVC msg=audit(06/22/2015 23:46:32.652:25506) : avc: denied { open } for pid=17321 comm=cat path=/var/lib/pgsql/data/PG_VERSION dev="vda2" ino=532543 scontext=system_u:system_r:init_t:s0 tcontext=staff_u:object_r:postgresql_db_t:s0 tclass=file permissive=1 type=AVC msg=audit(06/22/2015 23:46:32.652:25506) : avc: denied { read } for pid=17321 comm=cat name=PG_VERSION dev="vda2" ino=532543 scontext=system_u:system_r:init_t:s0 tcontext=staff_u:object_r:postgresql_db_t:s0 tclass=file permissive=1 type=AVC msg=audit(06/22/2015 23:46:32.657:25507) : avc: denied { noatsecure } for pid=17323 comm=postgresql-ctl scontext=system_u:system_r:init_t:s0 tcontext=system_u:system_r:postgresql_t:s0 tclass=process permissive=1 type=AVC msg=audit(06/22/2015 23:46:32.657:25507) : avc: denied { rlimitinh } for pid=17323 comm=postgresql-ctl scontext=system_u:system_r:init_t:s0 tcontext=system_u:system_r:postgresql_t:s0 tclass=process permissive=1
Hi, The main problem is that your maraidb deamon running under init_t domain not in mariadb_t domain. I'm going to reproduce this issue.
commit 6096d7c24f1c9f9da5ddca613bcbc9ff7708a00d Author: Lukas Vrabec <lvrabec> Date: Tue Jun 23 16:00:07 2015 +0200 Add postgresql support for systemd unit files.
Yay thank you! Does that mean that both the potsgres and mysql issues are fixed in that policy version?
Hi, Please test it with http://koji.fedoraproject.org/koji/buildinfo?buildID=664643 this package. Before tests please use restorecon to fix labels in your system.
selinux-policy-3.13.1-128.4.fc22 has been submitted as an update for Fedora 22. https://admin.fedoraproject.org/updates/selinux-policy-3.13.1-128.4.fc22
Package selinux-policy-3.13.1-128.4.fc22: * should fix your issue, * was pushed to the Fedora 22 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing selinux-policy-3.13.1-128.4.fc22' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-2015-10974/selinux-policy-3.13.1-128.4.fc22 then log in and leave karma (feedback).
selinux-policy-3.13.1-128.4.fc22 has been pushed to the Fedora 22 stable repository. If problems still persist, please make note of it in this bug report.
So I'm sorry that I didn't test this earlier, but I had a hacky fix in place and I got busy, but it doesn't actually seem to be fixed. I'm on Fedora 23 now, and I've upgraded everything, and did a restorecon -Rv /* (more or less; I excluded /proc and stuff) rlpowell@morji> sudo dnf list installed '*selinux*' Last metadata expiration check: 2:41:07 ago on Fri Apr 22 10:31:49 2016. Installed Packages docker-selinux.x86_64 2:1.9.1-9.gitee06d03.fc23 @updates libselinux.x86_64 2.4-4.fc23 @fedora libselinux-python.x86_64 2.4-4.fc23 @fedora libselinux-python3.x86_64 2.4-4.fc23 @fedora libselinux-ruby.x86_64 2.4-4.fc23 @fedora libselinux-utils.x86_64 2.4-4.fc23 @fedora rpm-plugin-selinux.x86_64 4.13.0-0.rc1.12.fc23 @updates selinux-policy.noarch 3.13.1-158.14.fc23 @updates selinux-policy-devel.noarch 3.13.1-158.14.fc23 @updates selinux-policy-doc.noarch 3.13.1-158.14.fc23 @updates selinux-policy-targeted.noarch 3.13.1-158.14.fc23 @updates But when I set dontaudit off and setenforce 0 and do "sudo service mysqld restart", I get the AVCs below. And, in fact, mysql can't run. I've re-opened the ticket; let me know if I should open a new one. type=AVC msg=audit(04/22/2016 12:58:35.789:441286) : avc: denied { write } for pid=31271 comm=touch name=mariadb.log dev="vda2" ino=655783 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:mysqld_ log_t:s0 tclass=file permissive=1 type=AVC msg=audit(04/22/2016 12:58:35.789:441287) : avc: denied { open } for pid=31271 comm=touch path=/var/log/mariadb/mariadb.log dev="vda2" ino=655783 scontext=system_u:system_r:init_t:s0 tcontext=system_u: object_r:mysqld_log_t:s0 tclass=file permissive=1 type=AVC msg=audit(04/22/2016 12:58:35.790:441288) : avc: denied { getattr } for pid=31272 comm=chown path=/var/log/mariadb/mariadb.log dev="vda2" ino=655783 scontext=system_u:system_r:init_t:s0 tcontext=system _u:object_r:mysqld_log_t:s0 tclass=file permissive=1 type=AVC msg=audit(04/22/2016 12:58:35.790:441289) : avc: denied { setattr } for pid=31272 comm=chown name=mariadb.log dev="vda2" ino=655783 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:mysql d_log_t:s0 tclass=file permissive=1 type=AVC msg=audit(04/22/2016 12:58:36.840:441290) : avc: denied { write } for pid=31485 comm=mysqladmin name=mysql.sock dev="vda2" ino=655831 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:mys qld_var_run_t:s0 tclass=sock_file permissive=1 type=AVC msg=audit(04/22/2016 12:59:56.678:441307) : avc: denied { noatsecure } for pid=31553 comm=hostname scontext=system_u:system_r:init_t:s0 tcontext=system_u:system_r:hostname_t:s0 tclass=process permissiv e=1 type=AVC msg=audit(04/22/2016 12:59:56.772:441309) : avc: denied { write } for pid=31624 comm=touch name=mariadb.log dev="vda2" ino=655783 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:mysqld_ log_t:s0 tclass=file permissive=1 type=AVC msg=audit(04/22/2016 12:59:56.772:441310) : avc: denied { open } for pid=31624 comm=touch path=/var/log/mariadb/mariadb.log dev="vda2" ino=655783 scontext=system_u:system_r:init_t:s0 tcontext=system_u: object_r:mysqld_log_t:s0 tclass=file permissive=1 type=AVC msg=audit(04/22/2016 12:59:56.774:441311) : avc: denied { getattr } for pid=31625 comm=chown path=/var/log/mariadb/mariadb.log dev="vda2" ino=655783 scontext=system_u:system_r:init_t:s0 tcontext=system _u:object_r:mysqld_log_t:s0 tclass=file permissive=1 type=AVC msg=audit(04/22/2016 12:59:56.774:441312) : avc: denied { setattr } for pid=31625 comm=chown name=mariadb.log dev="vda2" ino=655783 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:mysql d_log_t:s0 tclass=file permissive=1 type=AVC msg=audit(04/22/2016 12:59:56.776:441313) : avc: denied { rlimitinh } for pid=31627 comm=restorecon scontext=system_u:system_r:init_t:s0 tcontext=system_u:system_r:setfiles_t:s0 tclass=process permissi ve=1 type=AVC msg=audit(04/22/2016 12:59:56.776:441314) : avc: denied { noatsecure } for pid=31627 comm=restorecon scontext=system_u:system_r:init_t:s0 tcontext=system_u:system_r:setfiles_t:s0 tclass=process permiss ive=1 type=AVC msg=audit(04/22/2016 12:59:56.795:441315) : avc: denied { rlimitinh } for pid=31629 comm=mysqld_safe scontext=system_u:system_r:init_t:s0 tcontext=system_u:system_r:mysqld_safe_t:s0 tclass=process perm issive=1 type=AVC msg=audit(04/22/2016 12:59:56.678:441306) : avc: denied { rlimitinh } for pid=31553 comm=hostname scontext=system_u:system_r:init_t:s0 tcontext=system_u:system_r:hostname_t:s0 tclass=process permissive =1 type=AVC msg=audit(04/22/2016 12:59:56.795:441316) : avc: denied { noatsecure } for pid=31629 comm=mysqld_safe scontext=system_u:system_r:init_t:s0 tcontext=system_u:system_r:mysqld_safe_t:s0 tclass=process per missive=1 type=AVC msg=audit(04/22/2016 12:59:56.886:441317) : avc: denied { rlimitinh } for pid=31809 comm=mysqld scontext=system_u:system_r:mysqld_safe_t:s0 tcontext=system_u:system_r:mysqld_t:s0 tclass=process permiss ive=1 type=AVC msg=audit(04/22/2016 12:59:56.886:441318) : avc: denied { siginh } for pid=31809 comm=mysqld scontext=system_u:system_r:mysqld_safe_t:s0 tcontext=system_u:system_r:mysqld_t:s0 tclass=process permissive =1 type=AVC msg=audit(04/22/2016 12:59:56.886:441319) : avc: denied { noatsecure } for pid=31809 comm=mysqld scontext=system_u:system_r:mysqld_safe_t:s0 tcontext=system_u:system_r:mysqld_t:s0 tclass=process permis sive=1 type=AVC msg=audit(04/22/2016 12:59:57.830:441320) : avc: denied { write } for pid=31837 comm=mysqladmin name=mysql.sock dev="vda2" ino=655831 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:mys qld_var_run_t:s0 tclass=sock_file permissive=1 type=AVC msg=audit(04/22/2016 12:59:57.831:441321) : avc: denied { connectto } for pid=31837 comm=mysqladmin path=/var/lib/mysql/mysql.sock scontext=system_u:system_r:init_t:s0 tcontext=system_u:system_r:mysqld _t:s0 tclass=unix_stream_socket permissive=1 type=AVC msg=audit(04/22/2016 12:59:57.853:441322) : avc: denied { rlimitinh } for pid=31847 comm=hostname scontext=system_u:system_r:init_t:s0 tcontext=system_u:system_r:hostname_t:s0 tclass=process permissive =1 type=AVC msg=audit(04/22/2016 12:59:57.853:441323) : avc: denied { noatsecure } for pid=31847 comm=hostname scontext=system_u:system_r:init_t:s0 tcontext=system_u:system_r:hostname_t:s0 tclass=process permissiv e=1
Oh, I also did a systemctl daemon-reexec, just in case. I have not done a full reboot, but I could if you want.
Should I open a new ticket?
This message is a reminder that Fedora 23 is nearing its end of life. Approximately 4 (four) weeks from now Fedora will stop maintaining and issuing updates for Fedora 23. It is Fedora's policy to close all bug reports from releases that are no longer maintained. At that time this bug will be closed as EOL if it remains open with a Fedora 'version' of '23'. Package Maintainer: If you wish for this bug to remain open because you plan to fix it in a currently maintained version, simply change the 'version' to a later Fedora version. Thank you for reporting this issue and we are sorry that we were not able to fix it before Fedora 23 is end of life. If you would still like to see this bug fixed and are able to reproduce it against a later version of Fedora, you are encouraged change the 'version' to a later Fedora version prior this bug is closed as described in the policy above. Although we aim to fix as many bugs as possible during every release's lifetime, sometimes those efforts are overtaken by events. Often a more recent Fedora release includes newer upstream software that fixes bugs or makes them obsolete.
Fedora 23 changed to end-of-life (EOL) status on 2016-12-20. Fedora 23 is no longer maintained, which means that it will not receive any further security or bug fix updates. As a result we are closing this bug. If you can reproduce this bug against a currently maintained version of Fedora please feel free to reopen this bug against that version. If you are unable to reopen this bug, please file a new report against the current release. If you experience problems, please add a comment to this bug. Thank you for reporting this bug and we are sorry it could not be fixed.