Bug 813585 - SELinux is preventing rm from 'unlink' accesses on the lnk_file /var/lib/mysql/mysql.sock.
Status: CLOSED NOTABUG
Product: Fedora
Classification: Fedora
Component: selinux-policy
16
i686 Unspecified
unspecified Severity unspecified
Assigned To: Miroslav Grepl
Fedora Extras Quality Assurance
abrt_hash:9b9953c071da2fc20ced0c866d0...
Reported: 2012-04-17 20:07 EDT by Aleksey
Modified: 2012-06-22 09:37 EDT
Last Closed: 2012-06-22 09:37:59 EDT


Description Aleksey 2012-04-17 20:07:39 EDT
libreport version: 2.0.8
executable:     /usr/bin/python
hashmarkername: setroubleshoot
kernel:         3.3.0-4.fc16.i686
reason:         SELinux is preventing rm from 'unlink' accesses on the lnk_file /var/lib/mysql/mysql.sock.
time:           Ср. 18 апр. 2012 04:43:14

description:
:SELinux is preventing rm from 'unlink' accesses on the lnk_file /var/lib/mysql/mysql.sock.
:
:*****  Plugin catchall (100. confidence) suggests  ***************************
:
:If you believe that rm should be allowed unlink access on the mysql.sock lnk_file by default.
:Then you should report this as a bug.
:You can generate a local policy module to allow this access.
:Do
:allow this access for now by executing:
:# grep rm /var/log/audit/audit.log | audit2allow -M mypol
:# semodule -i mypol.pp
:
:Additional Information:
:Source Context                system_u:system_r:mysqld_safe_t:s0
:Target Context                unconfined_u:object_r:mysqld_db_t:s0
:Target Objects                /var/lib/mysql/mysql.sock [ lnk_file ]
:Source                        rm
:Source Path                   rm
:Port                          <Неизвестно>
:Host                          (removed)
:Source RPM Packages           
:Target RPM Packages           
:Policy RPM                    selinux-policy-3.10.0-75.fc16
:Selinux Enabled               True
:Policy Type                   targeted
:Enforcing Mode                Enforcing
:Host Name                     (removed)
:Platform                      Linux (removed) 3.3.0-4.fc16.i686 #1
:                              SMP Tue Mar 20 18:45:14 UTC 2012 i686 i686
:Alert Count                   90
:First Seen                    Ср. 18 апр. 2012 02:09:13
:Last Seen                     Ср. 18 апр. 2012 04:39:59
:Local ID                      85413a16-e96f-4d2a-857a-8dd960829946
:
:Raw Audit Messages
:type=AVC msg=audit(1334709599.658:522): avc:  denied  { unlink } for  pid=32525 comm="rm" name="mysql.sock" dev="sda2" ino=183350 scontext=system_u:system_r:mysqld_safe_t:s0 tcontext=unconfined_u:object_r:mysqld_db_t:s0 tclass=lnk_file
:
:
:Hash: rm,mysqld_safe_t,mysqld_db_t,lnk_file,unlink
:
:audit2allow
:
:#============= mysqld_safe_t ==============
:allow mysqld_safe_t mysqld_db_t:lnk_file unlink;
:
:audit2allow -R
:
:#============= mysqld_safe_t ==============
:allow mysqld_safe_t mysqld_db_t:lnk_file unlink;
:

Comment 1 Miroslav Grepl 2012-04-18 04:51:33 EDT
How did you get this?

I see

$ ls -lZ /var/lib/mysql/
srwxrwxrwx. mysql mysql system_u:object_r:mysqld_var_run_t:s0 mysql.sock

Comment 2 Aleksey 2012-04-18 13:04:38 EDT
[root@localhost mysql]# ls -lZ /var/lib/mysql
-rw-rw----. mysql mysql unconfined_u:object_r:mysqld_db_t:s0 ibdata1
-rw-rw----. mysql mysql unconfined_u:object_r:mysqld_db_t:s0 ib_logfile0
-rw-rw----. mysql mysql unconfined_u:object_r:mysqld_db_t:s0 ib_logfile1
-rw-rw----. mysql mysql system_u:object_r:mysqld_db_t:s0 localhost.localdomain.err
-rw-rw----. mysql mysql unconfined_u:object_r:mysqld_db_t:s0 localhost.pid
-rw-r--r--. root  root  unconfined_u:object_r:mysqld_db_t:s0 mypol.mod
-rw-r--r--. root  root  unconfined_u:object_r:mysqld_db_t:s0 mypol.te
drwx------. mysql root  unconfined_u:object_r:mysqld_db_t:s0 mysql
-rw-r--r--. root  root  unconfined_u:object_r:mysqld_db_t:s0 mysql.sock
drwx------. root  root  unconfined_u:object_r:mysqld_db_t:s0 performance_schema
drwx------. mysql root  unconfined_u:object_r:mysqld_db_t:s0 test

The problem remains!

ERROR 2002 (HY000): Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (111)

Comment 3 Miroslav Grepl 2012-04-20 08:10:14 EDT
Ok, could you try to run

$ systemctl stop mysqld.service

then the socket should not exist and then run

$ systemctl start mysqld.service

Comment 4 Miroslav Grepl 2012-06-22 09:37:59 EDT
Please reopen if this is still an issue.
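
Added example (not part of the original bug report, and not setroubleshoot or selinux-policy code): a small triage script that parses the AVC record from the description and compares the denied object's class and label with what Comment 1 shows for a healthy mysql.sock. The EXPECTED table and the function names parse_avc and triage are assumptions made for this illustration.

```python
import re

# AVC record copied from the report above.
AVC = ('type=AVC msg=audit(1334709599.658:522): avc:  denied  { unlink } for  '
       'pid=32525 comm="rm" name="mysql.sock" dev="sda2" ino=183350 '
       'scontext=system_u:system_r:mysqld_safe_t:s0 '
       'tcontext=unconfined_u:object_r:mysqld_db_t:s0 tclass=lnk_file')

# Assumed baseline, taken from the ls -lZ output in Comment 1: a socket
# ("s" in the mode string, SELinux class sock_file) labelled mysqld_var_run_t.
EXPECTED = {"mysql.sock": {"tclass": "sock_file", "type": "mysqld_var_run_t"}}


def parse_avc(line):
    """Return the fields of one AVC denial as a dict, or None if not an AVC."""
    m = re.search(r"avc:\s+denied\s+\{\s*([^}]*?)\s*\}\s+for\s+(.*)", line)
    if not m:
        return None
    rec = {"perms": m.group(1).split()}
    # key=value pairs; values are either double-quoted or bare tokens.
    for key, quoted, bare in re.findall(r'(\w+)=(?:"([^"]*)"|(\S+))', m.group(2)):
        rec[key] = quoted or bare
    # SELinux contexts are user:role:type:level; keep the type for comparison.
    for ctx in ("scontext", "tcontext"):
        if ctx in rec:
            rec[ctx + "_type"] = rec[ctx].split(":")[2]
    return rec


def triage(rec, expected=EXPECTED):
    """List mismatches between the denied object and its expected class/label."""
    want = expected.get(rec.get("name"))
    if want is None:
        return []  # no baseline known for this object name
    findings = []
    if rec["tclass"] != want["tclass"]:
        findings.append("object class is %s, expected %s"
                        % (rec["tclass"], want["tclass"]))
    if rec["tcontext_type"] != want["type"]:
        findings.append("label is %s, expected %s"
                        % (rec["tcontext_type"], want["type"]))
    return findings


if __name__ == "__main__":
    record = parse_avc(AVC)
    for finding in triage(record):
        print("%s: %s" % (record["name"], finding))
```

Any finding here means the object on disk differs from the baseline, which is worth checking before loading a local module generated with audit2allow.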
