753816 – SELinux is preventing mysqld from reading /bin/bash

Bug 753816 - SELinux is preventing mysqld from reading /bin/bash

Summary: SELinux is preventing mysqld from reading /bin/bash

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	selinux-policy
Sub Component:
Version:	16
Hardware:	x86_64
OS:	Linux
Priority:	unspecified
Severity:	medium
Target Milestone:	---
Assignee:	Miroslav Grepl
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Duplicates (3):	753896 754072 755256 (view as bug list)
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2011-11-14 15:01 UTC by Vedran Miletić
Modified:	2011-11-21 12:55 UTC (History)
CC List:	8 users (show)
Fixed In Version:	selinux-policy-3.10.0-56.fc16
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2011-11-21 00:01:14 UTC
Type:	---
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description Vedran Miletić 2011-11-14 15:01:53 UTC

$ rpm -qa | grep selinux
selinux-policy-3.10.0-55.fc16.noarch
libselinux-2.1.6-4.fc16.x86_64
libselinux-utils-2.1.6-4.fc16.x86_64
selinux-policy-targeted-3.10.0-55.fc16.noarch
$ rpm -qa | grep bash
bash-4.2.10-5.fc16.x86_64
bash-completion-1.3-6.fc16.noarch
$ rpm -qa | grep mysql
mysql-libs-5.5.17-1.fc16.x86_64
mysql-connector-odbc-5.1.8-3.fc16.x86_64
libdbi-dbd-mysql-0.8.3-8.fc16.x86_64
php-mysql-5.3.8-3.fc16.x86_64
mysql-server-5.5.17-1.fc16.x86_64
mysql-5.5.17-1.fc16.x86_64

[   29.812719] type=1400 audit(1321255400.493:4): avc:  denied  { read } for  pid=983 comm="mysqld_safe" path="/bin/bash" dev=sdb2 ino=1574183 scontext=system_u:system_r:mysqld_safe_t:s0 tcontext=system_u:object_r:shell_exec_t:s0 tclass=file
[   30.323227] type=1400 audit(1321255401.004:5): avc:  denied  { read } for  pid=1011 comm="mysqld_safe" path="/bin/bash" dev=sdb2 ino=1574183 scontext=system_u:system_r:mysqld_safe_t:s0 tcontext=system_u:object_r:shell_exec_t:s0 tclass=file
[   30.811852] type=1400 audit(1321255401.492:6): avc:  denied  { read } for  pid=1034 comm="mysqld_safe" path="/bin/bash" dev=sdb2 ino=1574183 scontext=system_u:system_r:mysqld_safe_t:s0 tcontext=system_u:object_r:shell_exec_t:s0 tclass=file
[   31.280162] type=1400 audit(1321255401.961:7): avc:  denied  { read } for  pid=1058 comm="mysqld_safe" path="/bin/bash" dev=sdb2 ino=1574183 scontext=system_u:system_r:mysqld_safe_t:s0 tcontext=system_u:object_r:shell_exec_t:s0 tclass=file
[   31.751638] type=1400 audit(1321255402.432:8): avc:  denied  { read } for  pid=1079 comm="mysqld_safe" path="/bin/bash" dev=sdb2 ino=1574183 scontext=system_u:system_r:mysqld_safe_t:s0 tcontext=system_u:object_r:shell_exec_t:s0 tclass=file
[   32.218039] type=1400 audit(1321255402.898:9): avc:  denied  { read } for  pid=1099 comm="mysqld_safe" path="/bin/bash" dev=sdb2 ino=1574183 scontext=system_u:system_r:mysqld_safe_t:s0 tcontext=system_u:object_r:shell_exec_t:s0 tclass=file
[   33.300421] postgres (1187): /proc/1187/oom_adj is deprecated, please use /proc/1187/oom_score_adj instead.

Comment 1 Miroslav Grepl 2011-11-15 08:28:46 UTC

Fixed in selinux-policy-targeted-3.10.0-56.fc16

Comment 2 Fedora Update System 2011-11-16 15:23:21 UTC

selinux-policy-3.10.0-56.fc16 has been submitted as an update for Fedora 16.
https://admin.fedoraproject.org/updates/selinux-policy-3.10.0-56.fc16

Comment 3 Tom Lane 2011-11-17 16:12:14 UTC

*** Bug 754072 has been marked as a duplicate of this bug. ***

Comment 4 Dieter Vandenbroeck 2011-11-17 17:32:02 UTC

selinux-policy-3.10.0-56.fc16 indeed ixes the bug. Problem solved

Comment 5 Deron Meranda 2011-11-17 17:38:56 UTC

I also confirm selinux-policy-3.10.0-56.fc16 fixes the bug. Using the targeted policy.

Comment 6 Daniel Walsh 2011-11-17 18:59:12 UTC

Please update karma.

Comment 7 Daniel Walsh 2011-11-17 21:26:21 UTC

*** Bug 753896 has been marked as a duplicate of this bug. ***

Comment 8 Fedora Update System 2011-11-17 23:31:04 UTC

Package selinux-policy-3.10.0-56.fc16:
* should fix your issue,
* was pushed to the Fedora 16 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing selinux-policy-3.10.0-56.fc16'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2011-16003/selinux-policy-3.10.0-56.fc16
then log in and leave karma (feedback).

Comment 9 Fedora Update System 2011-11-21 00:01:14 UTC

selinux-policy-3.10.0-56.fc16 has been pushed to the Fedora 16 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 10 Honza Horak 2011-11-21 07:37:22 UTC

*** Bug 755256 has been marked as a duplicate of this bug. ***

Note You need to log in before you can comment on or make changes to this bug.