Description of problem:
In Fedora we have this rule for mysql directories:
In RHEL we only have:
For RHSCL packages (rh-mysql56 specifically) we now started to use /var/opt/rh/rh-mysql56/lib/mysql-files (because of bz #1384962) and we also define this rule:
/var/opt/rh/rh-mysql56 = /var (using semanage fcontext -a -e ...)
Since SELinux's "equality" cannot be defined twice for a given directory, we cannot define something like the following in the mysql package:
/var/lib/mysql = /var/lib/mysql-files
or something like
/var/opt/rh/rh-mysql56/lib/mysql-files = /var/lib/mysql
So I think we should change the definition in selinux-policy to be the same as in Fedora:
This would help in all packages we ship, so it wouldn't require us to fix particular packages.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. ls -lZd /var/opt/rh/rh-mysql56/lib/mysql-files
drwxr-x---. mysql mysql system_u:object_r:var_lib_t:s0 /var/opt/rh/rh-mysql56/lib/mysql-files/
drwxr-x---. mysql mysql system_u:object_r:mysqld_db_t:s0 /var/opt/rh/rh-mysql56/lib/mysql-files/
To correspond the conflict, this is what I see when trying to define it specifically for one directory:
#> semanage fcontext -a -e /var/lib/mysql /var/opt/rh/rh-mysql56/lib/mysql-files
ValueError: File spec /var/opt/rh/rh-mysql56/lib/mysql-files conflicts with equivalency rule '/var/opt/rh/rh-mysql56 /var'; Try adding '/var/lib/mysql-files' instead
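The labeling behaviour described in the report above, as an added Python model that is not part of the original bug report and is not libselinux or semanage code. The pattern lists are constructed stand-ins (only the paths and the two types come from the report), and rule ordering is simplified to "last match wins" over a list ordered from general to specific.

```python
import re

# Constructed stand-ins for file-context entries; not quoted from any policy.
NARROW_RULES = [
    (r"/var/lib(/.*)?", "var_lib_t"),
    (r"/var/lib/mysql(/.*)?", "mysqld_db_t"),
]
# Hypothetical widened pattern that also covers the mysql-files directory.
WIDENED_RULES = [
    (r"/var/lib(/.*)?", "var_lib_t"),
    (r"/var/lib/mysql(-files)?(/.*)?", "mysqld_db_t"),
]
# Equivalence from the report: /var/opt/rh/rh-mysql56 = /var
EQUIVALENCES = {"/var/opt/rh/rh-mysql56": "/var"}


def substitute(path, equivalences):
    """Rewrite path via the first equivalence whose source is a whole-component prefix."""
    for src, dst in equivalences.items():
        if path == src or path.startswith(src + "/"):
            return dst + path[len(src):]
    return path


def label_for(path, rules, equivalences):
    """Apply the equivalence first, then return the type of the last matching rule."""
    target = substitute(path, equivalences)
    matched = None
    for pattern, setype in rules:  # ordered general -> specific
        if re.fullmatch(pattern, target):
            matched = setype
    return matched


def add_equivalence(equivalences, src, dst):
    """Refuse a source path that an existing equivalence already rewrites."""
    for existing, target in equivalences.items():
        if src == existing or src.startswith(existing + "/"):
            raise ValueError(
                f"File spec {src} conflicts with equivalency rule '{existing} {target}'"
            )
    equivalences[src] = dst


if __name__ == "__main__":
    scl_dir = "/var/opt/rh/rh-mysql56/lib/mysql-files"
    print(substitute(scl_dir, EQUIVALENCES))
    print(label_for(scl_dir, NARROW_RULES, EQUIVALENCES))
    print(label_for(scl_dir, WIDENED_RULES, EQUIVALENCES))
```

Because the software collection path is rewritten to /var/lib/mysql-files before any pattern is tried, widening the base pattern fixes the label for every package that uses the /var equivalence, with no per-package rule.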
Based on the results of our automated TC, this bug is fixed in 3.13.1-124.el7. Not switching to VERIFIED right now, because the bug needs to be added to the selinux-policy errata first.
*** Bug 1391947 has been marked as a duplicate of this bug. ***
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory, and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.