Hide Forgot
Description of problem: try start / stop default configuration for mysqld, mysqld cannot start Version-Release number of selected component (if applicable): mysql-server-5.5.16-3.el7.x86_64 selinux-policy-3.10.0-56.el7.noarch How reproducible: deterministic Steps to Reproduce: 1. service mysqld stop 2. service mysqld start # mysqld is not running Actual results: [root@nec-em6 bz675906-client-long-line-backslash-regression]# service mysqld stop Redirecting to /bin/systemctl stop mysqld.service [root@nec-em6 bz675906-client-long-line-backslash-regression]# service mysqld start Redirecting to /bin/systemctl start mysqld.service type=AVC msg=audit(1331127781.467:1073): avc: denied { read } for pid=18407 comm="mysqld_safe" path="/bin/bash" dev=dm-1 ino=396701 scontext=system_u:system_r:mysqld_safe_t:s0 tcontext=system_u:object_r:shell_exec_t:s0 tclass=file Job failed. See system logs and 'systemctl status' for details. [root@nec-em6 bz675906-client-long-line-backslash-regression]# type=AVC msg=audit(1331127781.846:1075): avc: denied { read } for pid=18464 comm="mysqld_safe" path="/bin/bash" dev=dm-1 ino=396701 scontext=system_u:system_r:mysqld_safe_t:s0 tcontext=system_u:object_r:shell_exec_t:s0 tclass=file type=AVC msg=audit(1331127782.204:1077): avc: denied { read } for pid=18520 comm="mysqld_safe" path="/bin/bash" dev=dm-1 ino=396701 scontext=system_u:system_r:mysqld_safe_t:s0 tcontext=system_u:object_r:shell_exec_t:s0 tclass=file type=AVC msg=audit(1331127782.571:1079): avc: denied { read } for pid=18576 comm="mysqld_safe" path="/bin/bash" dev=dm-1 ino=396701 scontext=system_u:system_r:mysqld_safe_t:s0 tcontext=system_u:object_r:shell_exec_t:s0 tclass=file type=AVC msg=audit(1331127782.937:1081): avc: denied { read } for pid=18631 comm="mysqld_safe" path="/bin/bash" dev=dm-1 ino=396701 scontext=system_u:system_r:mysqld_safe_t:s0 tcontext=system_u:object_r:shell_exec_t:s0 tclass=file type=AVC msg=audit(1331127783.299:1083): avc: denied { read } for pid=18686 comm="mysqld_safe" path="/bin/bash" dev=dm-1 ino=396701 scontext=system_u:system_r:mysqld_safe_t:s0 tcontext=system_u:object_r:shell_exec_t:s0 tclass=file Expected results: no denial service can start successfully Additional info:
Fixed in selinux-policy-3.10.0-96
Together with AVCs following lines appear in /var/log/messages: Mar 28 09:58:27 pokus mysqld_safe[1288]: /bin/sh: error while loading shared libraries: cannot apply additional memory protection after relocation: Permission denied Mar 28 09:58:27 pokus systemd[1]: mysqld.service: control process exited, code=exited status=127 Mar 28 09:58:27 pokus systemd[1]: mysqld.service holdoff time over, scheduling restart. Mar 28 09:58:27 pokus systemd[1]: Job pending for unit, delaying automatic restart. Mar 28 09:58:27 pokus systemd[1]: Unit mysqld.service entered failed state. Mar 28 09:58:27 pokus systemd[1]: mysqld.service start request repeated too quickly, refusing to start.
This request was resolved in Red Hat Enterprise Linux 7.0. Contact your manager or support representative in case you have further questions about the request.