Running the mysql command as a mortal user dies:

    $ mysql -hlocalhost -u MMMMMM -p MMMMMM
    Enter password:
    ERROR 2002: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (13)

after throwing this avc message:

    May 24 21:34:19 pink kernel: audit(1085448859.069:0): avc: denied { search } for pid=4519 exe=/usr/bin/mysql name=mysql dev=dm-6 ino=129035 scontext=user_u:user_r:user_t tcontext=system_u:object_r:mysqld_db_t tclass=dir

It's not able to search /var/lib/mysql to find the socket...

A (slightly edited) grep shows us:

    [/etc/security/selinux/src/policy]3 find . | xargs grep mysqld_var_run | more
    ./domains/program/apache.te:allow httpd_php_t mysqld_var_run_t:dir { search };
    ./domains/program/apache.te:allow httpd_php_t mysqld_var_run_t:sock_file { write };
    ./domains/program/mysqld.te:allow mysqld_t mysqld_var_run_t:sock_file create_file_perms;
    ./domains/program/mysqld.te:allow initrc_t mysqld_var_run_t:sock_file write;
    ./domains/program/mysqld.te:allow logrotate_t mysqld_var_run_t:dir search;
    ./domains/program/mysqld.te:allow logrotate_t mysqld_var_run_t:sock_file write;
    ./file_contexts/program/mysqld.fc:/var/run/mysqld(/.*)? system_u:object_r:mysqld_var_run_t
    ./file_contexts/file_contexts:/var/run/mysqld(/.*)? system_u:object_r:mysqld_var_run_t

Does anybody see a good reason why we don't have this too:

    mysqld.te: allow mysql_cmd_t mysqld_var_run_t:dir search;
    mysqld.te: allow mysql_cmd_t mysqld_var_run_t:sock_file write;

and add this to mysqld.fc:

    /usr/bin/mysql system_u:object_r:mysql_cmd_t

(or the correct version thereof, it's way too late to think straight.. ;)