Bug 208283 - Selinux prevents mysql from reading SSL certificates
Status: CLOSED NEXTRELEASE
Product: Fedora
Classification: Fedora
Component: selinux-policy
Version: 4
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Assigned To: Daniel Walsh
QA Contact: Ben Levenson
Reported: 2006-09-27 12:34 EDT by Sergio Pascual
Modified: 2007-11-30 17:11 EST
Last Closed: 2007-01-11 17:15:41 EST
Doc Type: Bug Fix

Description Sergio Pascual 2006-09-27 12:34:32 EDT
Description of problem:
mysql cannot read SSL certificates unless they are placed in the /var/lib/mysql dir. (I
suppose that the correct place for certificates is /etc/pki/tls.)

Version-Release number of selected component (if applicable):
mysql-server-4.1.20-1.FC4.1
selinux-policy-targeted-1.27.1-2.28
How reproducible:
Always

Steps to Reproduce:
1. Enable ssl in mysql
2. Start the daemon
3. 
  
Actual results:
The certificate and private key are not read.

Expected results:
mysql can read the files



Additional info:

I reported this bug for fc5:
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=192404

# ls -Z /etc/pki/tls/certs/mysql.crt
-rw-r--r--  root     mysql    user_u:object_r:cert_t           /etc/pki/tls/certs/mysql.crt

# mysql.log
060927 17:51:52  mysqld started
Error when connection to server using SSL:3085952704:error:0200100D:system library:fopen:Permission denied:bss_file.c:278:fopen('/etc/pki/tls/certs/mysql.crt','r')
3085952704:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:280:
3085952704:error:140AD002:SSL routines:SSL_CTX_use_certificate_file:system lib:ssl_rsa.c:515:
Unable to get certificate from '/etc/pki/tls/certs/mysql.crt'

# audit.log
type=AVC msg=audit(1159372312.463:6538): avc:  denied  { search } for  pid=28337 comm="mysqld" name="pki" dev=dm-0 ino=96905 scontext=root:system_r:mysqld_t tcontext=system_u:object_r:cert_t tclass=dir
type=SYSCALL msg=audit(1159372312.463:6538): arch=40000003 syscall=5 success=no exit=-13 a0=a66dbf3 a1=0 a2=1b6 a3=a68d6a0 items=1 pid=28337 auid=603 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="mysqld" exe="/usr/libexec/mysqld" subj=root:system_r:mysqld_t
type=CWD msg=audit(1159372312.463:6538):  cwd="/"
type=PATH msg=audit(1159372312.463:6538): item=0 name="/etc/pki/tls/certs/mysql.crt" parent=715301 dev=fd:04 mode=0100660 ouid=0 ogid=0 rdev=00:00 obj=root:object_r:mysqld_db_t
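As an added example (not part of the bug report or of the selinux-policy package), the following Python script parses the AVC and PATH records quoted above, derives the allow rule the denial implies (the policy-side fix, in the form audit2allow would propose) and flags files whose recorded label does not match the label their location should carry, which is the case for a relabel with restorecon rather than a policy change. The expected-label table is an assumption built from the report (certificates under /etc/pki/tls carry cert_t, the data directory carries mysqld_db_t).

```python
import re
from collections import defaultdict

# Constructed sample: the AVC and PATH records quoted in the report, one record per line.
SAMPLE_AUDIT = """\
type=AVC msg=audit(1159372312.463:6538): avc:  denied  { search } for  pid=28337 comm="mysqld" name="pki" dev=dm-0 ino=96905 scontext=root:system_r:mysqld_t tcontext=system_u:object_r:cert_t tclass=dir
type=PATH msg=audit(1159372312.463:6538): item=0 name="/etc/pki/tls/certs/mysql.crt" parent=715301 dev=fd:04 mode=0100660 ouid=0 ogid=0 rdev=00:00 obj=root:object_r:mysqld_db_t
"""

AVC_RE = re.compile(
    r'type=AVC msg=audit\((?P<event>[\d.]+:\d+)\): avc:\s+denied\s+\{ (?P<perms>[^}]+)\}'
    r'.*?scontext=(?P<scontext>\S+) tcontext=(?P<tcontext>\S+) tclass=(?P<tclass>\S+)')
PATH_RE = re.compile(
    r'type=PATH msg=audit\((?P<event>[\d.]+:\d+)\):.*?name="(?P<name>[^"]+)".*?obj=(?P<obj>\S+)')
# Assumed expected labels by location, taken from the report (certs under /etc/pki/tls are cert_t).
EXPECTED_LABELS = [("/etc/pki/tls/", "cert_t"), ("/var/lib/mysql/", "mysqld_db_t")]

def selinux_type(context):
    """user:role:type[:level] -> the type component."""
    return context.split(":")[2]

def parse_denials(text):
    """Group AVC denials with the PATH records belonging to the same audit event id."""
    events = defaultdict(lambda: {"avc": [], "paths": []})
    for line in text.splitlines():
        if (m := AVC_RE.match(line)):
            events[m["event"]]["avc"].append(m.groupdict())
        elif (m := PATH_RE.match(line)):
            events[m["event"]]["paths"].append((m["name"], selinux_type(m["obj"])))
    return dict(events)

def allow_rules(events):
    """The allow rules the denials imply, in the form audit2allow would propose (policy-side fix)."""
    rules = set()
    for ev in events.values():
        for a in ev["avc"]:
            perms = " ".join(sorted(a["perms"].split()))
            rules.add(f'allow {selinux_type(a["scontext"])} {selinux_type(a["tcontext"])}:{a["tclass"]} {{ {perms} }};')
    return sorted(rules)

def mislabelled(events):
    """Files whose recorded label differs from what their location should carry (restorecon candidates)."""
    found = []
    for ev in events.values():
        for name, label in ev["paths"]:
            for prefix, expected in EXPECTED_LABELS:
                if name.startswith(prefix) and label != expected:
                    found.append((name, label, expected))
    return found
```

On the report's records this yields the single rule `allow mysqld_t cert_t:dir { search };` and flags mysql.crt as carrying mysqld_db_t where cert_t is expected, which matches the two fixes a policy maintainer would weigh: grant mysqld_t read access to cert_t, or relabel the files.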