Description of problem: Remote SQL read. SELinux is preventing mariadbd from 'search' accesses on the directory net. ***** Plugin catchall (100. confidence) suggests ************************** If you believe that mariadbd should be allowed search access on the net directory by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # ausearch -c 'mariadbd' --raw | audit2allow -M my-mariadbd # semodule -X 300 -i my-mariadbd.pp Additional Information: Source Context system_u:system_r:mysqld_t:s0 Target Context system_u:object_r:sysctl_net_t:s0 Target Objects net [ dir ] Source mariadbd Source Path mariadbd Port <Unknown> Host (removed) Source RPM Packages Target RPM Packages SELinux Policy RPM selinux-policy-targeted-37.19-1.fc37.noarch Local Policy RPM mysql-selinux-1.0.5-2.fc37.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name (removed) Platform Linux (removed) 6.2.9-200.fc37.x86_64 #1 SMP PREEMPT_DYNAMIC Thu Mar 30 22:31:57 UTC 2023 x86_64 x86_64 Alert Count 131 First Seen 2023-03-04 19:24:27 EST Last Seen 2023-04-15 12:55:55 EDT Local ID 8ac44691-eaa0-468d-944c-fcd363443412 Raw Audit Messages type=AVC msg=audit(1681577755.426:35281): avc: denied { search } for pid=1303 comm="mariadbd" name="net" dev="proc" ino=19476 scontext=system_u:system_r:mysqld_t:s0 tcontext=system_u:object_r:sysctl_net_t:s0 tclass=dir permissive=0 Hash: mariadbd,mysqld_t,sysctl_net_t,dir,search Version-Release number of selected component: selinux-policy-targeted-37.19-1.fc37.noarch Additional info: component: mysql-selinux reporter: libreport-2.17.4 hashmarkername: setroubleshoot kernel: 6.2.9-200.fc37.x86_64 type: libreport
This package has changed maintainer in Fedora. Reassigning to the new maintainer of this component.
FEDORA-2023-2b65fa4f45 has been submitted as an update to Fedora 40. https://bodhi.fedoraproject.org/updates/FEDORA-2023-2b65fa4f45
FEDORA-2023-2b65fa4f45 has been pushed to the Fedora 40 stable repository. If problem still persists, please make note of it in this bug report.
Sorry for the misleading Fedora Update reports. This issue has NOT been fixed. I've made an attempt to fix it, but I was unsuccessful. I've reverted the respective commit on the upstream of the 'mysql-selinux' package, however the update automation still picked up the BZ number from the reverted commit message and used them to mark those BZs as resolved. While the fix attempt I made wasn't working, I believe the research behind it I've made should be correct. https://github.com/devexp-db/mysql-selinux/commit/de84778e555b891fd9ea5f3111c87a4990650d6c I'll try again after consultation with someone proficient in writing SELinux rules.
FEDORA-2023-26954ac6f4 has been submitted as an update to Fedora 40. https://bodhi.fedoraproject.org/updates/FEDORA-2023-26954ac6f4
FEDORA-2023-26954ac6f4 has been pushed to the Fedora 40 stable repository. If problem still persists, please make note of it in this bug report.
FEDORA-2023-de0c445f23 has been submitted as an update to Fedora 39. https://bodhi.fedoraproject.org/updates/FEDORA-2023-de0c445f23
FEDORA-2023-50b22e7196 has been submitted as an update to Fedora 38. https://bodhi.fedoraproject.org/updates/FEDORA-2023-50b22e7196
This is the actual update that should fix your issue, please test it: https://bodhi.fedoraproject.org/updates/?search=mysql-selinux-1.0.10
FEDORA-2023-de0c445f23 has been pushed to the Fedora 39 testing repository. Soon you'll be able to install the update with the following command: `sudo dnf upgrade --enablerepo=updates-testing --refresh --advisory=FEDORA-2023-de0c445f23` You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2023-de0c445f23 See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
FEDORA-2023-50b22e7196 has been pushed to the Fedora 38 testing repository. Soon you'll be able to install the update with the following command: `sudo dnf upgrade --enablerepo=updates-testing --refresh --advisory=FEDORA-2023-50b22e7196` You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2023-50b22e7196 See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
FEDORA-2023-f5860f0475 has been pushed to the Fedora 37 testing repository. Soon you'll be able to install the update with the following command: `sudo dnf upgrade --enablerepo=updates-testing --refresh --advisory=FEDORA-2023-f5860f0475` You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2023-f5860f0475 See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
This message is a reminder that Fedora Linux 37 is nearing its end of life. Fedora will stop maintaining and issuing updates for Fedora Linux 37 on 2023-12-05. It is Fedora's policy to close all bug reports from releases that are no longer maintained. At that time this bug will be closed as EOL if it remains open with a 'version' of '37'. Package Maintainer: If you wish for this bug to remain open because you plan to fix it in a currently maintained version, change the 'version' to a later Fedora Linux version. Note that the version field may be hidden. Click the "Show advanced fields" button if you do not see it. Thank you for reporting this issue and we are sorry that we were not able to fix it before Fedora Linux 37 is end of life. If you would still like to see this bug fixed and are able to reproduce it against a later version of Fedora Linux, you are encouraged to change the 'version' to a later version prior to this bug being closed.
FEDORA-2023-de0c445f23 has been pushed to the Fedora 39 stable repository. If problem still persists, please make note of it in this bug report.
FEDORA-2023-50b22e7196 has been pushed to the Fedora 38 stable repository. If problem still persists, please make note of it in this bug report.
FEDORA-2023-f5860f0475 has been pushed to the Fedora 37 stable repository. If problem still persists, please make note of it in this bug report.
FEDORA-2024-8beb0aba20 (selinux-policy-41.26-1.fc42) has been submitted as an update to Fedora 42. https://bodhi.fedoraproject.org/updates/FEDORA-2024-8beb0aba20
FEDORA-2024-8beb0aba20 (selinux-policy-41.26-1.fc42) has been pushed to the Fedora 42 stable repository. If problem still persists, please make note of it in this bug report.