On Mon, 06 Jul 2009 08:10:29 -0400, Daniel J Walsh wrote:

> On 07/05/2009 11:57 PM, Amadeus W.M. wrote:
>> Trying to run mysqld with datadir=/data/mysql (i.e. different than the
>> default datadir=/var/lib/mysql). When I start mysqld for the first time
>> it fails:
>>
>> [root@alm ~]# /etc/rc.d/init.d/mysqld start
>> Initializing MySQL database: Installing MySQL system tables...
>> 090705 23:01:52 [Warning] Can't create test file /data/mysql/alm.lower-test
>> 090705 23:01:52 [Warning] Can't create test file /data/mysql/alm.lower-test
>> /usr/libexec/mysqld: Can't change dir to '/data/mysql/' (Errcode: 13)
>> 090705 23:01:52 [ERROR] Aborting
>>
>> and selinux pops up and says
>>
>> Summary:
>> SELinux is preventing mysqld (mysqld_t) "search" to / (default_t).
>>
>> Detailed Description:
>> SELinux denied access requested by mysqld. / may be a mislabeled. /
>> default SELinux type is root_t, but its current type is default_t.
>> Changing this file back to the default type, may fix your problem.
>>
>> <more stuff>
>>
>> Poking around on google I found this suggestion:
>>
>> http://www.linuxforums.org/forum/servers/54215-moving-mysql-datafile-another-location-2.html
>>
>> chcon -R -u system_u -r object_r -t mysqld_db_t /home/mysqldb
>> chcon -R -u system_u -r object_r -t mysqld_db_t /var/lib/mysql/
>> chcon -u system_u -r object_r -t mysqld_etc_t /etc/my.cnf
>>
>> with /data/mysql instead of /home/mysqldb, of course.
>>
>> This was as of FC7. Would this still be the right thing to do in F11?
>> I'm really being patient here with selinux, trying to give it a 2nd
>> chance (first chance was about F3 or F4). I'm trying to avoid the
>> barbaric solution of disabling it altogether yet again.
>>
>> Oh, by the way, I am able to run mysqld without a hitch even with
>> selinux enabled provided that I use the default datadir=/var/lib/mysql.
>> That's not acceptable though, as my /var is too small for the colossal
>> amount of data I have.
>>
>> I tried to keep this post relatively short, so I didn't include all
>> selinux info. If more is necessary, I'll post it. Please help!
>>
> Here is a new guide we are working on for setting up different confined
> services. There is a chapter on mysql.
>
> http://sradvan.fedorapeople.org/SELinux_Managing_Confined_Services/en-US/html/
>
> Specifically check out the chapter this page
>
> http://sradvan.fedorapeople.org/SELinux_Managing_Confined_Services/en-US/html/sect-Managing_Confined_Services-MySQL-Configuration_Examples.html

Thanks, I followed the instructions:

[root@alm ~]# semanage fcontext -a -t mysqld_db_t "/data/mysql(/.*)?"
[root@alm ~]# restorecon -R -v /data/mysql

but now selinux complains about /data itself:

Summary
SELinux is preventing access to files with the default label, default_t.

Additional Information
Source Context: unconfined_u:system_r:mysqld_t:s0
Target Context: system_u:object_r:default_t:s0
Target Objects: /data [ dir ]
Source: mysqld
Source Path: /usr/libexec/mysqld

And indeed,

[root@alm ~]# ls -lZd /data
drwxr-xr-x. amadeus users system_u:object_r:default_t:s0 /data

So I'm guessing I should add a context for /data, something like

semanage fcontext -a -t data_t "/data"
restorecon -R -v /data/mysql

Is that correct?

Also, in addition to /data selinux is also complaining about / :

Summary
SELinux is preventing mysqld (mysqld_t) "search" to / (default_t).

Additional Information
Source Context: unconfined_u:system_r:mysqld_t:s0
Target Context: system_u:object_r:default_t:s0
Target Objects: / [ dir ]
Source: mysqld
Source Path: /usr/libexec/mysqld

But

[root@alm ~]# ls -lZd /
drwxr-xr-x. root root system_u:object_r:root_t:s0 /

i.e. / is not default_t. What gives?
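
Added example, not part of the original message or of the linked guide: mysqld has to traverse every directory above its datadir, so labelling /data/mysql alone leaves /data and / to be checked as well. The script walks from a directory up to /, printing each component's current type beside the type the file-context rules would assign; the function names and status words are this example's own, and it assumes GNU stat and matchpathcon are installed.

```shell
#!/bin/sh
# Added example: audit the SELinux type of a directory and all of its ancestors.
# Output columns: path, current type, policy type, status.

# Current type of a path: third field of user:role:type:level (GNU stat %C).
current_type() { stat -c %C -- "$1" 2>/dev/null | cut -d: -f3; }

# Type the loaded file-context rules assign to the path (matchpathcon -n
# prints only the context, without the path).
policy_type() { matchpathcon -n "$1" 2>/dev/null | cut -d: -f3; }

# audit_path ABSOLUTE_DIR
# Status words (chosen for this example):
#   ok                current type matches the file-context rules
#   needs-restorecon  a rule exists but the on-disk label differs
#   no-fcontext-rule  on-disk and policy types are both default_t; assumed to
#                     mean only the catch-all default applies to this path
#   unknown           a label could not be read (e.g. SELinux not enabled)
audit_path() {
    p=$1
    while :; do
        cur=$(current_type "$p")
        pol=$(policy_type "$p")
        if [ -z "$cur" ] || [ -z "$pol" ]; then
            status=unknown
        elif [ "$cur" = default_t ] && [ "$pol" = default_t ]; then
            status=no-fcontext-rule
        elif [ "$cur" != "$pol" ]; then
            status=needs-restorecon
        else
            status=ok
        fi
        printf '%s %s %s %s\n' "$p" "${cur:-?}" "${pol:-?}" "$status"
        if [ "$p" = / ]; then break; fi
        p=$(dirname "$p")
    done
}

# Run only when a path is given, e.g.: sh audit-labels.sh /data/mysql
if [ $# -gt 0 ]; then
    audit_path "$1"
fi
```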