Description of problem: Occurs upon logging in to my computer SELinux is preventing /usr/libexec/mysqld from 'write' accesses on the directory /opt/mysql/akonadi. ***** Plugin catchall_labels (83.8 confidence) suggests ******************** If you want to allow mysqld to have write access on the akonadi directory Then you need to change the label on /opt/mysql/akonadi Do # semanage fcontext -a -t FILE_TYPE '/opt/mysql/akonadi' where FILE_TYPE is one of the following: mysqld_db_t, mysqld_tmp_t, mysqld_var_run_t, tmp_t, var_lib_t, var_log_t, var_run_t. Then execute: restorecon -v '/opt/mysql/akonadi' ***** Plugin catchall (17.1 confidence) suggests *************************** If you believe that mysqld should be allowed write access on the akonadi directory by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # grep mysqld /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp Additional Information: Source Context system_u:system_r:mysqld_t:s0 Target Context system_u:object_r:usr_t:s0 Target Objects /opt/mysql/akonadi [ dir ] Source mysqld Source Path /usr/libexec/mysqld Port <Unknown> Host (removed) Source RPM Packages mysql-server-5.5.31-1.fc18.x86_64 Target RPM Packages Policy RPM selinux-policy-3.11.1-97.fc18.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Permissive Host Name (removed) Platform Linux (removed) 3.9.4-200.fc18.x86_64 #1 SMP Fri May 24 20:10:49 UTC 2013 x86_64 x86_64 Alert Count 2 First Seen 2013-06-11 05:39:31 EDT Last Seen 2013-06-11 05:50:44 EDT Local ID 296d9cca-508c-4e54-87b2-89060805b619 Raw Audit Messages type=AVC msg=audit(1370944244.157:430): avc: denied { write } for pid=2055 comm="mysqld" name="akonadi" dev="sdc1" ino=28575359 scontext=system_u:system_r:mysqld_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=dir type=AVC msg=audit(1370944244.157:430): avc: denied { add_name } for pid=2055 comm="mysqld" name="#sql-5d6_3.frm" scontext=system_u:system_r:mysqld_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=dir type=AVC msg=audit(1370944244.157:430): avc: denied { create } for pid=2055 comm="mysqld" name="#sql-5d6_3.frm" scontext=system_u:system_r:mysqld_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=file type=SYSCALL msg=audit(1370944244.157:430): arch=x86_64 syscall=open success=yes exit=ELIBMAX a0=7f23082a0110 a1=242 a2=1b0 a3=fffffff0 items=0 ppid=1319 pid=2055 auid=4294967295 uid=27 gid=27 euid=27 suid=27 fsuid=27 egid=27 sgid=27 fsgid=27 ses=4294967295 tty=(none) comm=mysqld exe=/usr/libexec/mysqld subj=system_u:system_r:mysqld_t:s0 key=(null) Hash: mysqld,mysqld_t,usr_t,dir,write audit2allow #============= mysqld_t ============== allow mysqld_t usr_t:dir { write add_name }; allow mysqld_t usr_t:file create; audit2allow -R require { type mysqld_t; } #============= mysqld_t ============== files_manage_usr_files(mysqld_t) files_rw_usr_dirs(mysqld_t) Additional info: reporter: libreport-2.1.4 hashmarkername: setroubleshoot kernel: 3.9.4-200.fc18.x86_64 type: libreport
You need to add labeling for /opt/mysql how the alert tells you. Also you can use # semanage fcontext -a -e /var/lib/mysql /opt/mysql # restorecon -R -v /opt/mysql