From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.6) Gecko/20050323 Firefox/1.0.2 Fedora/1.0.2-1.3.1

Description of problem:
I have 2 FC3 boxes. On one mysqld hasn't started for a while, but I don't use it much so it wasn't a big deal. On my other box, a mythtv box, I patched it today and now it has the exact same problem. mysqld fails to start with the following error (from dmesg):

audit(1113110050.419:0): avc: denied { read } for pid=28304 exe=/usr/libexec/mysqld name=log.0000000001 dev=hda2 ino=377473 scontext=root:system_r:mysqld_t tcontext=system_u:object_r:var_lib_t tclass=file

I've tried restorecon on all the files:

rpm -qa | grep mysql | xargs rpm -ql > /tmp/files
cat /tmp/files | xargs restorecon

but no luck. Currently I'm running the mythtv box with selinux disabled but would like to have it reenabled.

Version-Release number of selected component (if applicable):
selinux-policy-targeted-1.17.30-2.94

How reproducible:
Always

Steps to Reproduce:
1. su -
2. service mysqld start

or just restart the machine

Actual Results:
Terminal:
service mysqld start
Timeout error occurred trying to start MySQL Daemon.
Starting MySQL: [FAILED]

dmesg:
audit(1113110534.145:0): avc: denied { read } for pid=28523 exe=/usr/libexec/mysqld name=log.0000000001 dev=hda2 ino=377473 scontext=root:system_r:mysqld_t tcontext=system_u:object_r:var_lib_t tclass=file

Expected Results:
mysqld to start

Additional info:
The above is from my desktop. The error from the mythtv box is:

audit(1113094517.922:0): avc: denied { read } for pid=8181 exe=/usr/libexec/mysqld name=host.frm dev=hda2 ino=656744 scontext=root:system_r:mysqld_t tcontext=root:object_r:var_lib_t tclass=file

It looks fairly similar, but there are some differences. I don't know anything about selinux so I'm not sure if the differences matter.

Thanks,
Jonathan
I suspect the files (or perhaps directories) that need to be relabelled are not listed in the mysql RPM because they are files created after the install. If you want to try a blanket sweep relabel try doing

touch /.autorelabel

then rebooting.
That seems to have done the trick. Both systems' MySQL servers are starting properly on reboot. There should be a more convenient/automatic way though than to relabel the whole FS. Perhaps changes that break a daemon could come with a script to fix things?

Thanks for the help,
Jonathan
You should be able to restorecon the files. I would go to the directories that these files are in and run a

restorecon -R -v /var/lib

or something, and see if the file context changes. You should never disable selinux if you intend to go back, since you will need to relabel it. You can run in permissive mode, which will allow things to run until you fix the labeling problem.
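
Added example, not part of the original thread: a Python script that parses the three AVC denials quoted in the report and groups them by source domain and target type, showing that every one is mysqld_t being denied read on a file labelled var_lib_t. The function names are hypothetical, and the parser assumes the key=value dmesg format with three-field contexts (user:role:type) seen in those messages.

```python
import re
from collections import defaultdict

# The three denial lines quoted in the report above, copied from the thread.
SAMPLE = """\
audit(1113110050.419:0): avc: denied { read } for pid=28304 exe=/usr/libexec/mysqld name=log.0000000001 dev=hda2 ino=377473 scontext=root:system_r:mysqld_t tcontext=system_u:object_r:var_lib_t tclass=file
audit(1113110534.145:0): avc: denied { read } for pid=28523 exe=/usr/libexec/mysqld name=log.0000000001 dev=hda2 ino=377473 scontext=root:system_r:mysqld_t tcontext=system_u:object_r:var_lib_t tclass=file
audit(1113094517.922:0): avc: denied { read } for pid=8181 exe=/usr/libexec/mysqld name=host.frm dev=hda2 ino=656744 scontext=root:system_r:mysqld_t tcontext=root:object_r:var_lib_t tclass=file
"""

AVC_RE = re.compile(
    r"audit\((?P<ts>[\d.]+):(?P<serial>\d+)\): avc:\s+denied\s+"
    r"\{(?P<perms>[^}]*)\}\s+for\s+(?P<rest>.*)"
)

def parse_avc(line):
    """Return a dict of fields for one AVC denial line, or None if it is not one."""
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = dict(kv.split("=", 1) for kv in m.group("rest").split() if "=" in kv)
    rec["perms"] = m.group("perms").split()
    rec["timestamp"] = float(m.group("ts"))
    # Assumption: contexts are user:role:type, so the type is the third field.
    for key in ("scontext", "tcontext"):
        parts = rec.get(key, "").split(":")
        rec[key + "_type"] = parts[2] if len(parts) >= 3 else None
    return rec

def summarize(text):
    """Group denials by (source type, target type, class, perms) -> unique objects."""
    groups = defaultdict(set)
    for line in text.splitlines():
        rec = parse_avc(line)
        if rec is None:
            continue
        key = (rec["scontext_type"], rec["tcontext_type"],
               rec.get("tclass"), tuple(rec["perms"]))
        # The message carries only device, inode and basename, not a full path.
        groups[key].add((rec.get("dev"), int(rec.get("ino", 0)), rec.get("name")))
    return {k: sorted(v) for k, v in groups.items()}

if __name__ == "__main__":
    for (src, tgt, cls, perms), objs in summarize(SAMPLE).items():
        print(f"{src} denied {{ {' '.join(perms)} }} on {cls} labelled {tgt}:")
        for dev, ino, name in objs:
            print(f"  dev={dev} ino={ino} name={name}")
```

Because these messages give only a basename and inode, the full path to hand to restorecon still has to be located on that device, for example with find -inum.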