Now normally I just move /var/lib/mysql to /home/mysql and symlink it.
Um... why? This seems like it would be more trouble than it's worth. And with the symlink, I don't see the benefit.
SELinux complains with:
Oct 10 21:21:59 intspare kernel: audit(1160479319.080:2): avc: denied { read } for pid=15784 comm="mysqld" name="mysql" dev=dm-0 ino=1230340 scontext=root:system_r:mysqld_t tcontext=root:object_r:var_lib_t tclass=lnk_file
Correct. It has permission to access the directory where your symlink is, but it cannot follow it.
Ok, I guess it doesn't like following symlinks, so instead I edited /etc/my.cnf.
This is really how you should move the data directory anyway. Faking it as you were doing works, but it's not 'proper'.
Now SELinux complains with:
Oct 10 22:04:27 intspare kernel: audit(1160481867.663:2): avc: denied { search } for pid=3073 comm="mysqld" name="/" dev=dm-1 ino=2 scontext=user_u:system_r:mysqld_t tcontext=system_u:object_r:home_root_t tclass=dir
Correct, because now mysql doesn't have the proper context to be in /home/ poking around.
WHY is mysqld trying to read / when I told it to use /home/mysql ?
Because you have to get to / before you can get to /home/ and /home/mysql. Directory traversal vulnerabilities are quite commonplace, which is why you see all the $DOCUMENT_ROOT/../../../etc/somedir/ type attempts in logs occasionally for things like apache.
BTW, here are the security contexts on /home/mysql:
# ls -laZ /home/
drwxr-xr-x mysql mysql system_u:object_r:mysqld_db_t mysql
I'm still questioning the logic for moving mysql.
Can anyone please shed some light on this for me? What exactly is the avc message telling me and how do I fix it?
--
During times of universal deceit, telling the truth becomes a revolutionary act. George Orwell
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
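The two AVC denials quoted in the thread, parsed field by field and mapped to the fix each one calls for, as an added example that is not part of the original post or reply. The two log lines are copied from the thread; the parser, the verdict names, the /home/mysql datadir argument and the remediation commands (semanage fcontext and restorecon from policycoreutils, audit2allow and semodule for a local module) are my additions and assumptions, not anything the poster ran.

```shell
#!/bin/sh
# Added example, not from the thread: parse SELinux AVC denial lines and
# print the remediation for the two shapes seen when relocating a MySQL datadir.

# Constructed inputs: the two denials quoted in the thread, kernel prefix stripped.
AVC_SYMLINK='audit(1160479319.080:2): avc: denied { read } for pid=15784 comm="mysqld" name="mysql" dev=dm-0 ino=1230340 scontext=root:system_r:mysqld_t tcontext=root:object_r:var_lib_t tclass=lnk_file'
AVC_HOME='audit(1160481867.663:2): avc: denied { search } for pid=3073 comm="mysqld" name="/" dev=dm-1 ino=2 scontext=user_u:system_r:mysqld_t tcontext=system_u:object_r:home_root_t tclass=dir'

# avc_field LINE KEY: value of the first KEY=value token, surrounding quotes stripped.
avc_field() {
    printf '%s\n' "$1" | tr ' ' '\n' | sed -n "s/^$2=//p" | tr -d '"' | head -n 1
}

# avc_perm LINE: the permission named inside "denied { ... }".
avc_perm() {
    printf '%s\n' "$1" | sed -n 's/.*denied *{ *\([^}]*\)}.*/\1/p' | sed 's/ *$//'
}

# avc_type CONTEXT: the type field of user:role:type[:level].
avc_type() {
    printf '%s\n' "$1" | cut -d: -f3
}

# avc_classify LINE: short verdict for the two denial shapes from the thread.
avc_classify() {
    line=$1
    stype=$(avc_type "$(avc_field "$line" scontext)")
    tclass=$(avc_field "$line" tclass)
    perm=$(avc_perm "$line")
    case "$stype:$tclass:$perm" in
        mysqld_t:lnk_file:read) echo symlinked-datadir ;;
        mysqld_t:dir:search)    echo parent-dir-traversal ;;
        *)                      echo unknown ;;
    esac
}

# avc_fix LINE DATADIR: print what to do about the denial for the given datadir.
avc_fix() {
    line=$1
    datadir=$2
    ttype=$(avc_type "$(avc_field "$line" tcontext)")
    name=$(avc_field "$line" name)
    case "$(avc_classify "$line")" in
        symlinked-datadir)
            echo "mysqld_t may not read a symlink labelled $ttype (name=$name)."
            echo "Do not symlink the data directory; set datadir=$datadir in /etc/my.cnf."
            ;;
        parent-dir-traversal)
            echo "mysqld_t may not search the $ttype directory (name=$name) on the way to $datadir."
            echo "Label the data directory persistently, then relabel it on disk:"
            echo "  semanage fcontext -a -t mysqld_db_t \"$datadir(/.*)?\""
            echo "  restorecon -Rv $datadir"
            echo "(without semanage: chcon -R -t mysqld_db_t $datadir, which a relabel undoes)"
            echo "That leaves the parent ($ttype) unchanged, so either build a local module"
            echo "from the denial (audit2allow -M mysqld_local < avc.log; semodule -i mysqld_local.pp)"
            echo "or keep the data under a path the policy already lets mysqld_t traverse, e.g. /var/lib."
            ;;
        *)
            echo "Unrecognised denial; run it through audit2why for the reason."
            ;;
    esac
}

# Demonstration on the two constructed lines.
for l in "$AVC_SYMLINK" "$AVC_HOME"; do
    echo "== $(avc_classify "$l")"
    avc_fix "$l" /home/mysql
done
```

The point the second verdict makes is the one the poster's ls -laZ output hides: /home/mysql is already mysqld_db_t, but the denial names "/" on dev=dm-1 with ino=2, which is the root of the separate filesystem mounted at /home, labelled home_root_t. Labelling the datadir cannot change its parent's label, so the search denial persists until the policy is extended or the data lives somewhere mysqld_t can already traverse. If you take the audit2allow route, read the generated .te file before installing it: it grants exactly the access that was denied, and nothing in it is reviewed for you.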