Robert L Cochran wrote:
The following "avc denied" messages were recorded after upgrading MySQL-client-4.1.8 and MySQL-devel-4.1.8 to the corresponding 4.1.9 versions. After upgrading these, I additionally installed (for the first time) MySQL-server-4.1.9 and MySQL-shared-4.1.9. These are all binary x86 RPM packages downloaded from MySQL.com. They are running on a Fedora Core 3 system fully updated including the 741 kernel.
My question is: can I fix the problems brought up by these avc denied messages by following the same advice given earlier to the poster named "dragoran" from 11/10/2004 through 11/16/2004, in several messages with the subject line "PHP cannot connect to mysql server?" I wish to allow MySQL execute permission.
Any help gratefully accepted.
Thanks!
Bob Cochran Greenbelt, Maryland
And here are the avc messages:
audit(1106189173.580:0): avc: denied { append } for pid=4051 exe=/usr/sbin/mysqld path=/var/lib/mysql/rachelsp4.lingpgmr.com.err dev=dm-0 ino=3260518 scontext=user_u:system_r:mysqld_t tcontext=root:object_r:var_lib_t tclass=file
audit(1106189174.329:0): avc: denied { write } for pid=4051 exe=/usr/sbin/mysqld name=mysql dev=dm-0 ino=3260470 scontext=user_u:system_r:mysqld_t tcontext=root:object_r:var_lib_t tclass=dir
audit(1106189174.329:0): avc: denied { add_name } for pid=4051 exe=/usr/sbin/mysqld name=rachelsp4.lower-test scontext=user_u:system_r:mysqld_t tcontext=root:object_r:var_lib_t tclass=dir
audit(1106189174.329:0): avc: denied { create } for pid=4051 exe=/usr/sbin/mysqld name=rachelsp4.lower-test scontext=user_u:system_r:mysqld_t tcontext=user_u:object_r:var_lib_t tclass=file
audit(1106189174.408:0): avc: denied { remove_name } for pid=4051 exe=/usr/sbin/mysqld name=rachelsp4.lower-test dev=dm-0 ino=3260519 scontext=user_u:system_r:mysqld_t tcontext=root:object_r:var_lib_t tclass=dir
audit(1106189174.408:0): avc: denied { unlink } for pid=4051 exe=/usr/sbin/mysqld name=rachelsp4.lower-test dev=dm-0 ino=3260519 scontext=user_u:system_r:mysqld_t tcontext=user_u:object_r:var_lib_t tclass=file
audit(1106189174.449:0): avc: denied { create } for pid=4051 exe=/usr/sbin/mysqld name=mysql.sock scontext=user_u:system_r:mysqld_t tcontext=user_u:object_r:var_lib_t tclass=sock_file
audit(1106189174.711:0): avc: denied { read write } for pid=4051 exe=/usr/sbin/mysqld name=ibdata1 dev=dm-0 ino=3260520 scontext=user_u:system_r:mysqld_t tcontext=root:object_r:var_lib_t tclass=file
audit(1106189174.711:0): avc: denied { lock } for pid=4051 exe=/usr/sbin/mysqld path=/var/lib/mysql/ibdata1 dev=dm-0 ino=3260520 scontext=user_u:system_r:mysqld_t tcontext=root:object_r:var_lib_t tclass=file
audit(1106189175.480:0): avc: denied { write } for pid=4109 exe=/usr/sbin/mysqld path=/var/lib/mysql/rachelsp4.lingpgmr.com.pid dev=dm-0 ino=3260523 scontext=user_u:system_r:mysqld_t tcontext=user_u:object_r:var_lib_t tclass=file
audit(1106189175.845:0): avc: denied { getattr } for pid=4051 exe=/usr/sbin/mysqld path=/var/lib/mysql/mysql/host.MYI dev=dm-0 ino=3260477 scontext=user_u:system_r:mysqld_t tcontext=root:object_r:var_lib_t tclass=file
-- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx http://www.redhat.com/mailman/listinfo/fedora-selinux-list
restorecon -R -v /usr/lib/mysql should fix the problem.
Dan
