Bug 159951 - Failure to start MySQL due to SELinux (socket issue)
Failure to start MySQL due to SELinux (socket issue)
Status: CLOSED CURRENTRELEASE
Product: Fedora
Classification: Fedora
Component: mysql (Show other bugs)
3
All Linux
medium Severity high
: ---
: ---
Assigned To: Tom Lane
David Lawrence
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2005-06-09 12:30 EDT by Ignacio Vazquez-Abrams
Modified: 2013-07-02 23:06 EDT (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2005-07-20 11:19:00 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Ignacio Vazquez-Abrams 2005-06-09 12:30:37 EDT
mysql-server-(none):3.23.58-16.FC3.1.i386
selinux-policy-targeted-(none):1.17.30-2.96.noarch

When trying to start MySQL the following message appears in the system log:

Jun  9 12:22:49 ignacio kernel: audit(1118334169.246:0): avc:  denied  { create
} for  pid=24881 exe=/usr/libexec/mysqld scontext=root:system_r:mysqld_t
tcontext=root:system_r:mysqld_t tclass=netlink_route_socket

When enforcing is turned off the following messages appear:

Jun  9 12:24:52 ignacio kernel: audit(1118334292.059:0): avc:  denied  { create
} for  pid=24998 exe=/usr/libexec/mysqld scontext=root:system_r:mysqld_t
tcontext=root:system_r:mysqld_t tclass=netlink_route_socket
Jun  9 12:24:52 ignacio kernel: audit(1118334292.059:0): avc:  denied  { bind }
for  pid=24998 exe=/usr/libexec/mysqld scontext=root:system_r:mysqld_t
tcontext=root:system_r:mysqld_t tclass=netlink_route_socket
Jun  9 12:24:52 ignacio kernel: audit(1118334292.059:0): avc:  denied  { getattr
} for  pid=24998 exe=/usr/libexec/mysqld scontext=root:system_r:mysqld_t
tcontext=root:system_r:mysqld_t tclass=netlink_route_socket
Jun  9 12:24:52 ignacio kernel: audit(1118334292.059:0): avc:  denied  { write }
for  pid=24998 exe=/usr/libexec/mysqld scontext=root:system_r:mysqld_t
tcontext=root:system_r:mysqld_t tclass=netlink_route_socket
Jun  9 12:24:52 ignacio kernel: audit(1118334292.059:0): avc:  denied  {
nlmsg_read } for  pid=24998 exe=/usr/libexec/mysqld
scontext=root:system_r:mysqld_t tcontext=root:system_r:mysqld_t
tclass=netlink_route_socket
Jun  9 12:24:52 ignacio kernel: audit(1118334292.060:0): avc:  denied  { read }
for  pid=24998 exe=/usr/libexec/mysqld scontext=root:system_r:mysqld_t
tcontext=root:system_r:mysqld_t tclass=netlink_route_socket

and then it fails to start due to a timeout error.

A 'fixfiles restore' failed to fix this.
Comment 1 Tom Lane 2005-06-09 13:01:37 EDT
Dan, would you look at this?  It looks to me like a policy error (ie,
disallowing networking access to mysqld) rather than a bug in mysql.
Comment 2 Daniel Walsh 2005-07-20 11:19:00 EDT
Could you update to the latest policy available for FC3.

selinux-policy-targeted-1.17.30-3.19.noarch.rpm

It should be fixed there.

Note You need to log in before you can comment on or make changes to this bug.