Description of problem: mysqld_safe_helper" has been added in version 10.1.29-3.el7.x86_64 of rh-mariadb101-mariadb-server package. The "mysqld_safe" fcontext is properly defined thanks to default contexts present in package "selinux-policy-targeted". "mysqld_safe_helper" is not part of default contexts. Its context is to be set in rpm post script of package "rh-mariadb101-mariadb-server": semanage fcontext -a -t mysqld_exec_t /usr/libexec/mysqld_safe_helper >/dev/null 2>&1 Instead of "/usr/libexec/mysqld_safe_helper", it should be "/usr/bin/mysqld_safe_helper". So that, the file has a default context: "bin_t". Version-Release number of selected component (if applicable): rh-mariadb101-mariadb-server-10.1.29-3.el7.x86_64.rpm Steps to Reproduce: Looking into the rpm: # rpm -qlp --scripts rh-mariadb101-mariadb-server-10.1.29-3.el7.x86_64.rpm | grep mysqld_safe_helper warning: rh-mariadb101-mariadb-server-10.1.29-3.el7.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID fd431d51: NOKEY semanage fcontext -a -t mysqld_exec_t /usr/libexec/mysqld_safe_helper >/dev/null 2>&1 || : /opt/rh/rh-mariadb101/root/usr/bin/mysqld_safe_helper /opt/rh/rh-mariadb101/root/usr/share/man/man1/mysqld_safe_helper.1.gz # rpm -qlp rh-mariadb101-mariadb-server-10.1.29-3.el7.x86_64.rpm | grep mysqld_safe_helper warning: rh-mariadb101-mariadb-server-10.1.29-3.el7.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID fd431d51: NOKEY /opt/rh/rh-mariadb101/root/usr/bin/mysqld_safe_helper /opt/rh/rh-mariadb101/root/usr/share/man/man1/mysqld_safe_helper.1.gz Actual results: semanage fcontext -a -t mysqld_exec_t /usr/libexec/mysqld_safe_helper >/dev/null 2>&1 || : Expected results: semanage fcontext -a -t mysqld_exec_t /usr/bin/mysqld_safe_helper >/dev/null 2>&1 || : Additional info: For the customer, pacemaker is unable to start the mariadb server.
Red Hat does not currently plan to provide any further changes to this collection in a Red Hat Software Collections update release. This software collection is nearing the retirement date (May 2019) after which customers are encouraged to upgrade to a later release. Please contact Red Hat Support if you have further questions, or refer to the support lifecycle page for more information. https://access.redhat.com/support/policy/updates/rhscl/