Bug 1569356 - fcontext missing for mysqld_safe_helper
Summary: fcontext missing for mysqld_safe_helper
Keywords:
Status: CLOSED NEXTRELEASE
Alias: None
Product: Red Hat Software Collections
Classification: Red Hat
Component: mariadb
Version: rh-mariadb101
Hardware: x86_64
OS: Linux
unspecified
high
Target Milestone: ---
: ---
Assignee: Jakub Jančo
QA Contact: Michal Schorm
URL:
Whiteboard:
Depends On: 1623942 1647794
Blocks: 1625196
TreeView+ depends on / blocked
 
Reported: 2018-04-19 06:52 UTC by Sandeep MJ
Modified: 2019-04-06 19:04 UTC (History)
7 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
: 1623942 1625196 (view as bug list)
Environment:
Last Closed: 2019-04-06 19:04:00 UTC
Target Upstream Version:
Embargoed:


Attachments (Terms of Use)

Description Sandeep MJ 2018-04-19 06:52:03 UTC
Description of problem:

mysqld_safe_helper"  has been added in version 10.1.29-3.el7.x86_64 of rh-mariadb101-mariadb-server package.

The "mysqld_safe" fcontext is properly defined thanks to default contexts present in package "selinux-policy-targeted".

"mysqld_safe_helper" is not part of default contexts. Its context is to be set in rpm post script of package "rh-mariadb101-mariadb-server":
semanage fcontext -a -t mysqld_exec_t /usr/libexec/mysqld_safe_helper >/dev/null 2>&1

Instead of "/usr/libexec/mysqld_safe_helper", it should be "/usr/bin/mysqld_safe_helper". So that, the file has a default context: "bin_t".


Version-Release number of selected component (if applicable):
rh-mariadb101-mariadb-server-10.1.29-3.el7.x86_64.rpm 


Steps to Reproduce:

Looking into the rpm:

# rpm -qlp --scripts rh-mariadb101-mariadb-server-10.1.29-3.el7.x86_64.rpm | grep mysqld_safe_helper
warning: rh-mariadb101-mariadb-server-10.1.29-3.el7.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID fd431d51: NOKEY
semanage fcontext -a -t mysqld_exec_t /usr/libexec/mysqld_safe_helper >/dev/null 2>&1 || :
/opt/rh/rh-mariadb101/root/usr/bin/mysqld_safe_helper
/opt/rh/rh-mariadb101/root/usr/share/man/man1/mysqld_safe_helper.1.gz
 
# rpm -qlp rh-mariadb101-mariadb-server-10.1.29-3.el7.x86_64.rpm | grep mysqld_safe_helper
warning: rh-mariadb101-mariadb-server-10.1.29-3.el7.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID fd431d51: NOKEY
/opt/rh/rh-mariadb101/root/usr/bin/mysqld_safe_helper
/opt/rh/rh-mariadb101/root/usr/share/man/man1/mysqld_safe_helper.1.gz

Actual results:
semanage fcontext -a -t mysqld_exec_t /usr/libexec/mysqld_safe_helper >/dev/null 2>&1 || :


Expected results:
semanage fcontext -a -t mysqld_exec_t /usr/bin/mysqld_safe_helper >/dev/null 2>&1 || :

Additional info:
For the customer, pacemaker is unable to start the mariadb server.

Comment 7 Joe Orton 2019-03-14 11:02:42 UTC
Red Hat does not currently plan to provide any further changes to this collection in a Red Hat Software Collections update release.

This software collection is nearing the retirement date (May 2019) after which customers are encouraged to upgrade to a later release.

Please contact Red Hat Support if you have further questions, or refer to the support lifecycle page for more information. https://access.redhat.com/support/policy/updates/rhscl/


Note You need to log in before you can comment on or make changes to this bug.