154331 – mysqld fails to start

Bug 154331 - mysqld fails to start

Summary: mysqld fails to start

Keywords:
Status:	CLOSED NOTABUG
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	selinux-policy-targeted
Sub Component:
Version:	3
Hardware:	athlon
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Daniel Walsh
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2005-04-10 05:28 UTC by Jonathan Eskritt
Modified:	2007-11-30 22:11 UTC (History)
CC List:	0 users
Fixed In Version:
Clone Of:
Environment:
Last Closed:	2005-04-11 11:03:51 UTC
Type:	---
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description Jonathan Eskritt 2005-04-10 05:28:10 UTC

From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.6) Gecko/20050323 Firefox/1.0.2 Fedora/1.0.2-1.3.1

Description of problem:
I have 2 FC3 boxes. On one mysqld hasn't started for a while, but I don't use it much so it wasn't a big deal. On my other box, a mythtv box, I patched it today and now it has the exact same problem. mysqld fails to start with the following error (from dmesg):

audit(1113110050.419:0): avc:  denied  { read } for  pid=28304 exe=/usr/libexec/mysqld name=log.0000000001 dev=hda2 ino=377473 scontext=root:system_r:mysqld_t tcontext=system_u:object_r:var_lib_t tclass=file

I've tried restorecon on all the files: 
rpm -qa | grep mysql | xargs rpm -ql > /tmp/files
 cat /tmp/files  | xargs restorecon

but no luck. currently I'm running the mythtv box with selinux disabled but would like to have it reenabled.



Version-Release number of selected component (if applicable):
selinux-policy-targeted-1.17.30-2.94

How reproducible:
Always

Steps to Reproduce:
1. su -
2. service mysqld start

or just restart the machine
  

Actual Results:  Terminal:
service mysqld start
Timeout error occurred trying to start MySQL Daemon.
Starting MySQL:                                            [FAILED]

dmesg:
audit(1113110534.145:0): avc:  denied  { read } for  pid=28523 exe=/usr/libexec/mysqld name=log.0000000001 dev=hda2 ino=377473 scontext=root:system_r:mysqld_t tcontext=system_u:object_r:var_lib_t tclass=file


Expected Results:  mysqld to start

Additional info:

Comment 1 Jonathan Eskritt 2005-04-10 05:34:59 UTC

The above is from my desktop. The error from the mythtv box is:

audit(1113094517.922:0): avc:  denied  { read } for  pid=8181
exe=/usr/libexec/mysqld name=host.frm dev=hda2 ino=656744
scontext=root:system_r:mysqld_t tcontext=root:object_r:var_lib_t tclass=file

it looks farily similar, but there are some differences. I don't know anything
about selinux so I'm not sure if the differences matter.

Thanks,
Jonathan

Comment 2 Sitsofe Wheeler 2005-04-10 10:16:51 UTC

I suspect the files (or perhaps directories) that need to be relabelled are not
listed in the mysql RPM because they are files created after the install.

If you want to try a blanket sweep relabel try doing
touch /.autorelabel
then rebooting.

Comment 3 Jonathan Eskritt 2005-04-10 20:13:28 UTC

That seems to have done the trick. both systems MySQL servers are starting
properly on reboot.

There should be a more covienent/automatic way though than to relabel the whole
FS. Perhaps changes that break a daemon could come with a script to fix things?

Thanks for the help
Jonathan

Comment 4 Daniel Walsh 2005-04-11 11:03:51 UTC

You should be able to restorecon the files.

I would go to the directories that these files are in 
and run a 
restorecon -R -v /var/lib 

Or something and see if the file context changes.  You should never disable
selinux if you intend to go back, since you will need to relabel it.  You can
run in permissive mode which will allow things to run, until you fix the
labeleing problem.

Note You need to log in before you can comment on or make changes to this bug.