Description of problem: After moving /usr/libexec/mysqld to /usr/bin/mysqld, the selinux of this file is wrong: # ls -lZ /usr/bin/mysqld -rwxr-xr-x. 1 root root system_u:object_r:bin_t:s0 55830272 May 23 04:51 /usr/bin/mysqld This can be either fixed by providing the fixed selinux rules for this package together with community-mysql (bug #1577199), or in selinux-policy package, or by reverting this particular change.
Fixed by this commit: https://src.fedoraproject.org/cgit/rpms/community-mysql.git/commit/?id=d9f9c9c58e04b0386ec9d6af8362c7eb9a4cfea8
This bug appears to have been reported against 'rawhide' during the Fedora 29 development cycle. Changing version to '29'.
Currently selinux policy defines type "mysqld_exec_t" for link. # ls -Z /usr/sbin/mysqld system_u:object_r:mysqld_exec_t:s0 /usr/sbin/mysqld This leads to more selinux denials for systemd service. As seen below. time->Mon Aug 20 09:25:46 2018 type=AVC msg=audit(1534771546.671:542): avc: denied { read } for pid=4542 comm="(mysqld)" name="mysqld" dev="vda1" ino=177756 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:mysqld_exec_t:s0 tclass=lnk_file permissive=0 I will revert label to previous "system_u:object_r:bin_t:s0", this "model" is followed by all links in OS and also systemd service works.
Fixed since selinux-policy-3.14.2-33