Bug 667303 - SELinux is preventing mysqld_safe from using the 'signull' accesses on a process.
Summary: SELinux is preventing mysqld_safe from using the 'signull' accesses on a proc...
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy
Version: 14
Hardware: x86_64
OS: Linux
low
medium
Target Milestone: ---
Assignee: Miroslav Grepl
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard: setroubleshoot_trace_hash:c867179a44e...
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2011-01-05 07:07 UTC by dtbeltz
Modified: 2011-01-25 20:58 UTC (History)
2 users (show)

Fixed In Version: selinux-policy-3.9.7-25.fc14
Clone Of:
Environment:
Last Closed: 2011-01-25 20:58:07 UTC
Type: ---
Embargoed:

Attachments (Terms of Use)

Description dtbeltz 2011-01-05 07:07:58 UTC 
SELinux is preventing mysqld_safe from using the 'signull' accesses on a process.

*****  Plugin catchall (100. confidence) suggests  ***************************

If you believe that mysqld_safe should be allowed signull access on processes labeled mysqld_t by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# grep mysqld_safe /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp

Additional Information:
Source Context                unconfined_u:system_r:mysqld_safe_t:s0
Target Context                system_u:system_r:mysqld_t:s0
Target Objects                Unknown [ process ]
Source                        mysqld_safe
Source Path                   mysqld_safe
Port                          <Unknown>
Host                          (removed)
Source RPM Packages           
Target RPM Packages           
Policy RPM                    selinux-policy-3.9.7-19.fc14
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Host Name                     (removed)
Platform                      Linux
                              (removed)
                              2.6.35.10-74.fc14.x86_64 #1 SMP Thu Dec 23
                              16:04:50 UTC 2010 x86_64 x86_64
Alert Count                   1
First Seen                    Sat 01 Jan 2011 01:36:47 AM CST
Last Seen                     Sat 01 Jan 2011 01:36:47 AM CST
Local ID                      08883090-9a61-4e45-874b-1fea27887bc9

Raw Audit Messages
type=AVC msg=audit(1293867407.578:27782): avc:  denied  { signull } for  pid=8009 comm="mysqld_safe" scontext=unconfined_u:system_r:mysqld_safe_t:s0 tcontext=system_u:system_r:mysqld_t:s0 tclass=process

mysqld_safe,mysqld_safe_t,mysqld_t,process,signull

#============= mysqld_safe_t ==============
allow mysqld_safe_t mysqld_t:process signull;
Comment 1 Miroslav Grepl 2011-01-05 09:48:10 UTC 
You can allow it for now using

# grep mysqld_safe /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp
Comment 2 Miroslav Grepl 2011-01-07 10:47:28 UTC 
Fixed in selinux-policy-3.9.7-21.fc14
Comment 3 Fedora Update System 2011-01-20 16:03:46 UTC 
selinux-policy-3.9.7-25.fc14 has been submitted as an update for Fedora 14.
https://admin.fedoraproject.org/updates/selinux-policy-3.9.7-25.fc14
Comment 4 Fedora Update System 2011-01-20 19:54:13 UTC 
selinux-policy-3.9.7-25.fc14 has been pushed to the Fedora 14 testing repository.  If problems still persist, please make note of it in this bug report.
 If you want to test the update, you can install it with 
 su -c 'yum --enablerepo=updates-testing update selinux-policy'.  You can provide feedback for this update here: https://admin.fedoraproject.org/updates/selinux-policy-3.9.7-25.fc14
Comment 5 Fedora Update System 2011-01-25 20:57:15 UTC 
selinux-policy-3.9.7-25.fc14 has been pushed to the Fedora 14 stable repository.  If problems still persist, please make note of it in this bug report.
Note You need to log in before you can comment on or make changes to this bug.