# rpm -qa | egrep selinux libselinux-2.0.90-5.fc12.i686 selinux-policy-3.6.32-99.fc12.noarch libselinux-python-2.0.90-5.fc12.x86_64 libselinux-devel-2.0.90-5.fc12.x86_64 selinux-policy-targeted-3.6.32-99.fc12.noarch libselinux-2.0.90-5.fc12.x86_64 libselinux-utils-2.0.90-5.fc12.x86_64 I can't seem to run Logitech/SlimDevices SqueezeBoxServer from http://repos.slimdevices.com/yum/squeezecenter/release/ # rpm -qa | egrep squeeze squeezeboxserver-7.4.2-1.noarch squeezecenter-repo-1-6.noarch without the following: allow mysqld_t mysqld_db_t:sock_file unlink; I'm unsure whether this is a mysql misconfiguration or a problem with squeezeboxserver, but since squeezeboxserver is just a perl script... I'm thinking that maybe this is just missing from the policy?
Miroslav, Add manage_sock_files_pattern(mysqld_t, mysqld_db_t, mysqld_db_t)
Fixed in selinux-policy-3.6.32-102.fc12
Buganizer went down immediately after I posted this last night, and I wasn't able to post a follow up. When I now run: $ ls -alZ /var/lib/mysql/*.sock /var/lib/squeezeboxserver/cache/*.sock srwxrwxrwx. mysql mysql unconfined_u:object_r:mysqld_var_run_t:s0 /var/lib/mysql/mysql.sock srwxrwxrwx. squeezeboxserver squeezeboxserver unconfined_u:object_r:mysqld_var_run_t:s0 /var/lib/squeezeboxserver/cache/squeezebox-mysql.sock note the mysqld_var_run_t, it used to be mysqld_db_t. Is it possible that the context of these files is now being set differently, and once the files were deleted (which required the ACL change) they got created with the new context (and hence the ACL change is no longer needed - ie. it is only needed for the transition)? I've modified my squeezebox.te, commented out the allow statement, and recompiled/reloaded it. Am I correct in understanding it replaces the previous policy I had loaded? If such, that means that this change is actually not needed, you just have to manually delete the sockets the first time, and on future mysqld/squeezeboxserver invocations they come up with a different context and everything works.
selinux-policy-3.6.32-103.fc12 has been submitted as an update for Fedora 12. http://admin.fedoraproject.org/updates/selinux-policy-3.6.32-103.fc12
selinux-policy-3.6.32-103.fc12 has been pushed to the Fedora 12 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update selinux-policy'. You can provide feedback for this update here: http://admin.fedoraproject.org/updates/selinux-policy-3.6.32-103.fc12
selinux-policy-3.6.32-103.fc12 has been pushed to the Fedora 12 stable repository. If problems still persist, please make note of it in this bug report.