Re: NOT Solved - Re: SELinux policy to allow Dovecot to connect to Mysql

On 04/26/2017 07:29 AM, Robert Moskowitz wrote:


On 04/26/2017 04:22 AM, Gordon Messmer wrote:
On 04/25/2017 03:25 PM, Robert Moskowitz wrote:
This made the same content as before that caused problems:

I still don't understand, exactly. Are you seeing *new* problems after installing a policy? What are the problems?

#!!!! The file '/var/lib/mysql/mysql.sock' is mislabeled on your system.
#!!!! Fix with $ restorecon -R -v /var/lib/mysql/mysql.sock
#!!!! This avc can be allowed using the boolean 'daemons_enable_cluster_mode'
allow dovecot_t mysqld_t:unix_stream_socket connectto;

What do these 3 comments mean?

I'm not sure about the first two. The context you see is the same I see on the one system where I run mysqld. Running restorecon doesn't change that context.

As for the latter, it sounds like you should be able to remove your custom policy and "setsebool -P daemons_enable_cluster_mode 1" to allow dovecot to connect to mysql.

Did not work. It was set off, so I turned it on and tried it out. Got the same errors:

Apr 26 01:25:45 z9m9z dovecot: dict: Error: mysql(/var/lib/mysql/mysql.sock): Connect failed to database (postfix): Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (13) - waiting for 1 seconds before retry
Apr 26 01:25:45 z9m9z dovecot: dict: Error: dict sql lookup failed: Not connected to database

You would think that the mysql people would have a boolean to allow specific apps to access the socket.

And document it.

mysql.org is really NOT helpful.  They say:

If you are running under Linux and Security-Enhanced Linux (SELinux) is enabled, make sure you have disabled SELinux protection for the mysqld process.

The only policy available is for allowing http to access mysql.


_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
https://lists.centos.org/mailman/listinfo/centos
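As an added illustration (not part of the original messages, and not audit2allow's own code), this Python example shows how AVC denial records collapse into allow rules like the one quoted in the thread, which helps when checking whether a single rule or boolean covers every denial. The audit records are constructed, including the sock_file denial and its mysqld_var_run_t type, and `denials_to_rules` is a hypothetical helper name.

```python
import re
from collections import defaultdict

# Constructed audit records (not from the thread): the connectto denial that
# matches the rule quoted above, a retry of it, and a sock_file denial.
SAMPLE_AUDIT_LOG = """\
type=AVC msg=audit(1493184345.101:811): avc:  denied  { connectto } for  pid=2101 comm="dict" path="/var/lib/mysql/mysql.sock" scontext=system_u:system_r:dovecot_t:s0 tcontext=system_u:system_r:mysqld_t:s0 tclass=unix_stream_socket
type=AVC msg=audit(1493184346.204:812): avc:  denied  { connectto } for  pid=2101 comm="dict" path="/var/lib/mysql/mysql.sock" scontext=system_u:system_r:dovecot_t:s0 tcontext=system_u:system_r:mysqld_t:s0 tclass=unix_stream_socket
type=AVC msg=audit(1493184347.310:813): avc:  denied  { write } for  pid=2101 comm="dict" name="mysql.sock" dev="dm-0" ino=393512 scontext=system_u:system_r:dovecot_t:s0 tcontext=system_u:object_r:mysqld_var_run_t:s0 tclass=sock_file
type=SYSCALL msg=audit(1493184347.310:813): arch=c000003e syscall=42 success=no exit=-13 comm="dict"
"""

AVC_RE = re.compile(
    r"avc:\s+denied\s+\{(?P<perms>[^}]*)\}.*?"
    r"scontext=(?P<scon>\S+)\s+tcontext=(?P<tcon>\S+)\s+tclass=(?P<tclass>\S+)"
)

def context_type(context):
    """Return the type field of a user:role:type:level security context."""
    return context.split(":")[2]

def denials_to_rules(log_text):
    """Collapse AVC denials into sorted, de-duplicated allow rules."""
    perms_by_key = defaultdict(set)
    for line in log_text.splitlines():
        match = AVC_RE.search(line)
        if not match:
            continue  # SYSCALL and other record types carry no AVC fields
        key = (context_type(match["scon"]), context_type(match["tcon"]),
               match["tclass"])
        perms_by_key[key].update(match["perms"].split())
    rules = []
    for (source, target, tclass), perms in sorted(perms_by_key.items()):
        names = sorted(perms)
        # A single permission is written bare; several go inside braces.
        perm_text = names[0] if len(names) == 1 else "{ " + " ".join(names) + " }"
        rules.append(f"allow {source} {target}:{tclass} {perm_text};")
    return rules

if __name__ == "__main__":
    for rule in denials_to_rules(SAMPLE_AUDIT_LOG):
        print(rule)
```

Each distinct (source type, target type, class) tuple yields its own rule, so a denial against the socket file is reported separately from the connectto denial against the mysqld_t process.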


