Description of problem: # service mysql restart Occurs this alert SELinux is preventing /usr/bin/bash from 'write' accesses on the directory /. ***** Plugin catchall_boolean (89.3 confidence) suggests ******************* If you want to allow all daemons to write corefiles to / Then you must tell SELinux about this by enabling the 'daemons_dump_core' boolean. You can read 'None' man page for more details. Do setsebool -P daemons_dump_core 1 ***** Plugin catchall (11.6 confidence) suggests *************************** If you believe that bash should be allowed write access on the directory by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # grep mysqld_safe /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp Additional Information: Source Context system_u:system_r:mysqld_safe_t:s0 Target Context system_u:object_r:root_t:s0 Target Objects / [ dir ] Source mysqld_safe Source Path /usr/bin/bash Port <Unknown> Host (removed) Source RPM Packages bash-4.2.42-3.fc18.i686 Target RPM Packages filesystem-3.1-2.fc18.i686 Policy RPM selinux-policy-3.11.1-74.fc18.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name (removed) Platform Linux (removed) 3.7.5-201.fc18.i686.PAE #1 SMP Mon Jan 28 20:06:14 UTC 2013 i686 i686 Alert Count 1 First Seen 2013-02-02 15:15:03 YEKT Last Seen 2013-02-02 15:15:03 YEKT Local ID e0556488-35ed-4278-a267-63db49984af6 Raw Audit Messages type=AVC msg=audit(1359796503.606:234): avc: denied { write } for pid=881 comm="mysqld_safe" name="/" dev="sda1" ino=2 scontext=system_u:system_r:mysqld_safe_t:s0 tcontext=system_u:object_r:root_t:s0 tclass=dir type=SYSCALL msg=audit(1359796503.606:234): arch=i386 syscall=faccessat success=no exit=EACCES a0=ffffff9c a1=841c608 a2=2 a3=200 items=0 ppid=850 pid=881 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 ses=4294967295 tty=(none) comm=mysqld_safe exe=/usr/bin/bash subj=system_u:system_r:mysqld_safe_t:s0 key=(null) Hash: mysqld_safe,mysqld_safe_t,root_t,dir,write audit2allow #============= mysqld_safe_t ============== #!!!! This avc can be allowed using the boolean 'daemons_dump_core' allow mysqld_safe_t root_t:dir write; audit2allow -R #============= mysqld_safe_t ============== #!!!! This avc can be allowed using the boolean 'daemons_dump_core' allow mysqld_safe_t root_t:dir write; Additional info: hashmarkername: setroubleshoot kernel: 3.7.5-201.fc18.i686.PAE type: libreport
What were you doing when this happened? # setsebool -P daemons_dump_core 1 if it relates with core dumps.
(In reply to comment #1) > What were you doing when this happened? I am install MariaDB. And try to start it with "service mysql restart"
I see your another bug. Please try to run # fixfiles restore
[root@localhost ~]# fixfiles restore Relabeling / /dev /dev/hugepages /dev/mqueue /dev/pts /dev/shm /home /run /sys /sys/fs/cgroup /tmp filespec_add: conflicting specifications for /var/log/boot.log and /var/spool/plymouth/boot.log, using system_u:object_r:plymouthd_spool_t:s0. [root@localhost ~]# service nginx restart Redirecting to /bin/systemctl restart nginx.service [root@localhost ~]# service php-fpm restart Redirecting to /bin/systemctl restart php-fpm.service [root@localhost ~]# service php-fpm mysql Redirecting to /bin/systemctl mysql php-fpm.service Unknown operation 'mysql'. [root@localhost ~]# /etc/init.d/mysql restart MySQL server PID file could not be found! [FAILED] Starting MySQL.. Last command still occurs this SELinux alert
How about trying restorecon -R -v / And tell me if lots of files get changed.
Also not help... Very strange: [root@localhost ~]# service mysql restart MySQL server PID file could not be found! [FAILED] Starting MySQL.The server quit without updating PID file (/[FAILED]mysql/localhost.localdomain.pid). [root@localhost ~]# /etc/init.d/mysql restart MySQL server PID file could not be found! [FAILED] Starting MySQL.. [ OK ] I couldn't start MariaDB through 'service' command.
Doesn't it support systemd unit files?
(In reply to comment #6) > [root@localhost ~]# service mysql restart That should be "service mysqld restart". When I try it as above (with mariadb-server-5.5.29-1.fc18 installed), I get [tgl@localhost ~]$ sudo service mysql start Redirecting to /bin/systemctl start mysql.service Failed to issue method call: Unit mysql.service failed to load: No such file or directory. See system logs and 'systemctl status mysql.service' for details. The fact that you're getting something different is pretty suspicious. I think maybe you have a handmade "mysql" service file in there that doesn't play nicely with mariadb. You'd need to tell us more about what's in that ...
# systemctl status mysql.service mysql.service - LSB: start and stop MySQL Loaded: loaded (/etc/rc.d/init.d/mysql) Active: failed (Result: exit-code) since Wed 2013-02-13 16:12:24 YEKT; 16h ago Process: 807 ExecStart=/etc/rc.d/init.d/mysql start (code=exited, status=1/FAILURE) Feb 13 16:12:23 localhost.localdomain systemd[1]: Starting LSB: start and stop MySQL... Feb 13 16:12:24 localhost.localdomain mysql[807]: Starting MySQL.The server quit without updating PID file (/var/lib/mysql/localhost.localdomain.pid).[FAILED] Feb 13 16:12:24 localhost.localdomain systemd[1]: mysql.service: control process exited, code=exited status=1 Feb 13 16:12:24 localhost.localdomain systemd[1]: Failed to start LSB: start and stop MySQL. Feb 13 16:12:24 localhost.localdomain systemd[1]: Unit mysql.service entered failed state I am installed MariaDB from this repoitory: # MariaDB 5.5 repository list - created 2013-01-31 17:21 UTC # http://mariadb.org/mariadb/repositories/ [mariadb] name = MariaDB baseurl = http://yum.mariadb.org/5.5/fedora18-x86 gpgkey=https://yum.mariadb.org/RPM-GPG-KEY-MariaDB gpgcheck=1
(In reply to comment #9) > I am installed MariaDB from this repoitory: > # MariaDB 5.5 repository list - created 2013-01-31 17:21 UTC > # http://mariadb.org/mariadb/repositories/ In that case you need to be complaining to the mariadb folk; this is not a problem with Fedora-supplied code. FWIW, there is now a Fedora-supplied packaging of MariaDB, and we had supposed you were talking about that. But you're not.
In Fedora 18 MariaDB is available out of box now? So, I may remove MariaDB and repository that I showed above and install MariaDB from offical fedora repository?
(In reply to comment #11) > In Fedora 18 MariaDB is available out of box now? So, I may remove MariaDB > and repository that I showed above and install MariaDB from offical fedora > repository? Yes, you can install MariaDB from the official F18 repository now. However, I'd recommend to use the build, which is now in updates-testing repository, since the one in stable has some conflict issues: https://admin.fedoraproject.org/updates/FEDORA-2013-2417/mariadb-5.5.29-4.fc18 For more info see the feature page: https://fedoraproject.org/wiki/Features/ReplaceMySQLwithMariaDB