-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi Group,

I am seeing the errors below (only warnings, since I am in permissive mode) for mysql_upgrade after I enabled SELinux.

Linux lrfurtado 2.6.26-2-xen-686 #1 SMP Thu Nov 25 02:32:31 UTC 2010 i686 GNU/Linux

cat /etc/debian_version
5.0.7

SELinux status: enabled
SELinuxfs mount: /selinux
Current mode: permissive
Mode from config file: permissive
Policy version: 23
Policy from config file: default

[ 31.271298] type=1400 audit(1294223212.646:7): avc: denied { search } for pid=1372 comm="mysql_upgrade" name="bin" dev=xvda ino=231661 scontext=system_u:system_r:mysqld_t:s0 tcontext=system_u:object_r:bin_t:s0 tclass=dir
[ 31.285387] type=1400 audit(1294223212.662:8): avc: denied { read } for pid=1377 comm="mysql_upgrade" name="sh" dev=xvda ino=163914 scontext=system_u:system_r:mysqld_t:s0 tcontext=system_u:object_r:bin_t:s0 tclass=lnk_file
[ 31.285413] type=1400 audit(1294223212.662:9): avc: denied { execute } for pid=1377 comm="mysql_upgrade" name="bash" dev=xvda ino=163866 scontext=system_u:system_r:mysqld_t:s0 tcontext=system_u:object_r:shell_exec_t:s0 tclass=file
[ 31.285423] type=1400 audit(1294223212.662:10): avc: denied { read } for pid=1377 comm="mysql_upgrade" name="bash" dev=xvda ino=163866 scontext=system_u:system_r:mysqld_t:s0 tcontext=system_u:object_r:shell_exec_t:s0 tclass=file
[ 31.285459] type=1400 audit(1294223212.662:11): avc: denied { execute_no_trans } for pid=1377 comm="mysql_upgrade" path="/bin/bash" dev=xvda ino=163866 scontext=system_u:system_r:mysqld_t:s0 tcontext=system_u:object_r:shell_exec_t:s0 tclass=file
[ 31.286542] type=1400 audit(1294223212.662:12): avc: denied { getattr } for pid=1377 comm="sh" path="/bin/bash" dev=xvda ino=163866 scontext=system_u:system_r:mysqld_t:s0 tcontext=system_u:object_r:shell_exec_t:s0 tclass=file
[ 31.287663] type=1400 audit(1294223212.662:13): avc: denied { execute } for pid=1378 comm="sh" name="mysql" dev=xvda ino=231409 scontext=system_u:system_r:mysqld_t:s0 tcontext=system_u:object_r:bin_t:s0 tclass=file
[ 31.287678] type=1400 audit(1294223212.662:14): avc: denied { read } for pid=1378 comm="sh" name="mysql" dev=xvda ino=231409 scontext=system_u:system_r:mysqld_t:s0 tcontext=system_u:object_r:bin_t:s0 tclass=file

When I run audit2allow I get the following:

#============= mysqld_t ==============
allow mysqld_t bin_t:dir search;
allow mysqld_t bin_t:file { read execute };
allow mysqld_t bin_t:lnk_file read;
allow mysqld_t shell_exec_t:file { read execute getattr execute_no_trans };

I have also attached the output of:

sesearch --all | grep mysql > /tmp/mysql.policy

What's the proper fix here? I don't want to give mysqld_t permission to execute arbitrary scripts. The only solution I have right now is to relabel mysql_upgrade so it runs as unconfined, and that's not much of a solution.

Best Regards.
Luciano
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.14 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQEcBAEBAgAGBQJNMF2mAAoJENgwSj9ZOOwrzbMH/2KBIxOUf68Z/7L1RKAN6pH8
kIIGmcTZRODa5PLTpEIMNPPHij3q2Pmx+nmQk4A0tbWKnmxZORLuEAodwOgZjdg5
pEXqc5SrISid4z5x2hU/x9sXkNaXXUZMXjz+TtdoGQvlAkiwlXZh2YZlcmQAQ2ax
tTrk/sc7KHoHmoDADubsDhbSohj3lqY7hvwTtlLlYQnLnEmwHBPKvr3kQOMS3RDT
4V4Rv5FkrzBRjOJo6FkzwI/UOdR+fIqGkts0L47/R/nSd8cv60IvncpVMqKTaTfY
7f/FfoYGT1w2iKaPx2xingFA8SWXyFQ/8GPKULSEZ3sdSjx+O06UKD6jHet3+oo=
=3Fq0
-----END PGP SIGNATURE-----
allow dpkg_t mysqld_var_run_t : file { ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open } ; allow dpkg_t mysqld_var_run_t : dir { ioctl read write create getattr setattr lock relabelfrom relabelto unlink link rename add_name remove_name reparent search rmdir open } ; allow httpd_t mysqld_var_run_t : dir { getattr search } ; allow system_crond_t mysqld_var_run_t : dir { getattr search } ; allow dpkg_t mysqld_var_run_t : lnk_file { read create getattr setattr relabelfrom relabelto unlink rename } ; allow dpkg_t mysqld_var_run_t : chr_file { getattr relabelfrom } ; allow dpkg_t mysqld_var_run_t : blk_file { getattr relabelfrom } ; allow dpkg_t mysqld_var_run_t : sock_file { ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename } ; allow httpd_t mysqld_var_run_t : sock_file { write getattr } ; allow system_crond_t mysqld_var_run_t : sock_file { write getattr } ; allow dpkg_t mysqld_var_run_t : fifo_file { ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open } ; dontaudit mysqld_t selinux_config_t : file { read getattr } ; dontaudit mysqld_t selinux_config_t : dir search ; allow mysqld_t mysqld_server_packet_t : packet { send recv } ; allow logrotate_t mysqld_db_t : dir search ; allow mysqld_t @ttr0215 : filesystem getattr ; dontaudit sysadm_t mysqld_port_t : tcp_socket name_bind ; dontaudit sysadm_t mysqld_port_t : udp_socket name_bind ; allow mysqld_t autofs_t : dir { getattr search } ; allow mysqld_t device_t : dir { ioctl read getattr lock search } ; allow mysqld_t device_t : lnk_file { read getattr } ; allow mysqld_t devlog_t : lnk_file read ; allow mysqld_t devpts_t : dir { ioctl read getattr lock search } ; allow mysqld_t devlog_t : sock_file { ioctl read write getattr lock append } ; allow mysqld_t initrc_t : process sigchld ; allow mysqld_t initrc_t : fd use ; allow mysqld_t locale_t : file { ioctl read getattr lock } ; allow 
mysqld_t locale_t : dir { ioctl read getattr lock search } ; allow mysqld_t initrc_t : fifo_file { ioctl read write getattr lock append } ; allow mysqld_t locale_t : lnk_file { read getattr } ; allow mysqld_t etc_t : file { ioctl read getattr lock } ; allow mysqld_t etc_t : dir { ioctl read getattr lock search } ; allow mysqld_t etc_t : lnk_file { read getattr } ; allow logrotate_t mysqld_t : unix_stream_socket connectto ; allow mysqld_t ld_so_t : file { ioctl read getattr execute } ; allow mysqld_t ld_so_t : lnk_file { read getattr } ; allow mysqld_t proc_t : file { ioctl read getattr lock } ; allow mysqld_t proc_t : dir { ioctl read getattr lock search } ; allow mysqld_t proc_t : lnk_file { read getattr } ; allow mysqld_t sysfs_t : file { ioctl read getattr lock } ; allow mysqld_t sysfs_t : dir { ioctl read getattr lock search } ; allow mysqld_t sysfs_t : lnk_file { read getattr } ; allow restorecond_t mysqld_var_run_t : file { ioctl read getattr lock relabelfrom relabelto } ; dontaudit unconfined_t mysqld_var_run_t : file getattr ; allow initrc_t mysqld_var_run_t : dir { getattr search } ; allow httpd_sys_script_t mysqld_var_run_t : dir { getattr search } ; allow restorecond_t mysqld_var_run_t : dir { ioctl read getattr lock relabelfrom relabelto search } ; dontaudit unconfined_t mysqld_var_run_t : dir { ioctl read getattr lock search } ; allow restorecond_t mysqld_var_run_t : lnk_file { getattr relabelfrom relabelto } ; dontaudit unconfined_t mysqld_var_run_t : lnk_file getattr ; allow restorecond_t mysqld_var_run_t : chr_file { getattr relabelfrom } ; allow restorecond_t mysqld_var_run_t : blk_file { getattr relabelfrom } ; allow initrc_t mysqld_var_run_t : sock_file { write getattr } ; allow httpd_sys_script_t mysqld_var_run_t : sock_file { write getattr } ; allow restorecond_t mysqld_var_run_t : sock_file { getattr relabelfrom relabelto } ; dontaudit unconfined_t mysqld_var_run_t : sock_file getattr ; allow restorecond_t mysqld_var_run_t : fifo_file { 
getattr relabelfrom relabelto } ; dontaudit unconfined_t mysqld_var_run_t : fifo_file getattr ; dontaudit mysqld_t console_device_t : chr_file { ioctl read write getattr lock append } ; allow mysqld_t console_device_t : chr_file { ioctl read write getattr lock append } ; dontaudit staff_t mysqld_etc_t : file getattr ; dontaudit staff_t mysqld_etc_t : dir { ioctl read getattr lock search } ; dontaudit staff_t mysqld_etc_t : lnk_file getattr ; dontaudit staff_t mysqld_log_t : file getattr ; dontaudit staff_t mysqld_log_t : dir { ioctl read getattr lock search } ; dontaudit staff_t mysqld_etc_t : sock_file getattr ; dontaudit staff_t mysqld_etc_t : fifo_file getattr ; dontaudit staff_t mysqld_log_t : lnk_file getattr ; dontaudit staff_t mysqld_log_t : sock_file getattr ; dontaudit staff_t mysqld_log_t : fifo_file getattr ; allow mysqld_t udev_tbl_t : file { ioctl read getattr lock } ; dontaudit user_t mysqld_var_run_t : file getattr ; dontaudit user_t mysqld_var_run_t : dir { ioctl read getattr lock search } ; dontaudit user_t mysqld_var_run_t : lnk_file getattr ; dontaudit user_t mysqld_var_run_t : sock_file getattr ; dontaudit user_t mysqld_var_run_t : fifo_file getattr ; allow mysqld_log_t tmp_t : filesystem associate ; allow mysqld_t mysqld_etc_t : file { read getattr } ; allow mysqld_t mysqld_etc_t : dir { ioctl read getattr lock search } ; allow mysqld_t mysqld_etc_t : lnk_file { read getattr } ; allow mysqld_t mysqld_log_t : file { ioctl read write create getattr setattr lock append unlink link rename open } ; allow mysqld_t netlabel_peer_t : tcp_socket recvfrom ; allow mysqld_t netlabel_peer_t : udp_socket recvfrom ; allow mysqld_t netlabel_peer_t : rawip_socket recvfrom ; dontaudit staff_t mysqld_exec_t : file getattr ; dontaudit staff_t mysqld_exec_t : dir { ioctl read getattr lock search } ; dontaudit staff_t mysqld_exec_t : lnk_file getattr ; dontaudit staff_t mysqld_exec_t : sock_file getattr ; dontaudit staff_t mysqld_exec_t : fifo_file getattr ; allow 
mysqld_t netlabel_peer_t : peer recv ; allow mysqld_t ld_so_cache_t : file { ioctl read getattr lock } ; allow mysqld_t @ttr0484 : netif { tcp_recv tcp_send udp_recv udp_send ingress egress } ; allow mysqld_t newrole_t : process sigchld ; allow mysqld_t initrc_devpts_t : chr_file { ioctl read write getattr lock append } ; allow mysqld_t var_log_t : dir { ioctl read write getattr lock add_name remove_name search } ; allow dpkg_t mysqld_etc_t : file { ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open } ; allow system_crond_t mysqld_etc_t : file { read getattr } ; allow dpkg_t mysqld_etc_t : dir { ioctl read write create getattr setattr lock relabelfrom relabelto unlink link rename add_name remove_name reparent search rmdir open } ; allow system_crond_t mysqld_etc_t : dir { read getattr search } ; allow dpkg_t mysqld_etc_t : lnk_file { read create getattr setattr relabelfrom relabelto unlink rename } ; allow system_crond_t mysqld_etc_t : lnk_file { read getattr } ; allow dpkg_t mysqld_etc_t : chr_file { getattr relabelfrom } ; allow dpkg_t mysqld_log_t : file { ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open } ; allow dpkg_t mysqld_etc_t : blk_file { getattr relabelfrom } ; allow dpkg_t mysqld_log_t : dir { ioctl read write create getattr setattr lock relabelfrom relabelto unlink link rename add_name remove_name reparent search rmdir open } ; allow dpkg_t mysqld_etc_t : sock_file { ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename } ; allow dpkg_t mysqld_etc_t : fifo_file { ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open } ; allow dpkg_t mysqld_log_t : lnk_file { read create getattr setattr relabelfrom relabelto unlink rename } ; allow dpkg_t mysqld_log_t : chr_file { getattr relabelfrom } ; allow dpkg_t mysqld_log_t : blk_file { getattr relabelfrom } ; allow dpkg_t mysqld_log_t : 
sock_file { ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename } ; allow dpkg_t mysqld_log_t : fifo_file { ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open } ; allow mysqld_t @ttr0543 : process sigchld ; allow mysqld_t @ttr0543 : fd use ; allow mysqld_t @ttr0543 : fifo_file { ioctl read write getattr lock append } ; allow mysqld_t ldap_client_packet_t : packet { send recv } ; allow @ttr0543 mysqld_exec_t : file { read getattr execute } ; allow mysqld_t mysqld_exec_t : file { ioctl read getattr lock execute entrypoint } ; dontaudit staff_t mysqld_db_t : file getattr ; dontaudit staff_t mysqld_db_t : dir { ioctl read getattr lock search } ; dontaudit staff_t mysqld_db_t : lnk_file getattr ; dontaudit staff_t mysqld_db_t : sock_file getattr ; dontaudit staff_t mysqld_db_t : fifo_file getattr ; allow mysqld_t net_conf_t : file { ioctl read getattr lock } ; allow mysqld_t sysctl_kernel_t : file { ioctl read getattr lock } ; allow mysqld_t sysctl_kernel_t : dir { ioctl read getattr lock search } ; allow mysqld_t home_root_t : dir { getattr search } ; allow mysqld_t mysqld_client_packet_t : packet { send recv } ; allow restorecond_t mysqld_etc_t : file { ioctl read getattr lock relabelfrom relabelto } ; dontaudit unconfined_t mysqld_etc_t : file getattr ; allow restorecond_t mysqld_etc_t : dir { ioctl read getattr lock relabelfrom relabelto search } ; dontaudit unconfined_t mysqld_etc_t : dir { ioctl read getattr lock search } ; allow restorecond_t mysqld_etc_t : lnk_file { getattr relabelfrom relabelto } ; dontaudit unconfined_t mysqld_etc_t : lnk_file getattr ; allow initrc_t mysqld_log_t : file { ioctl write setattr append } ; allow restorecond_t mysqld_etc_t : chr_file { getattr relabelfrom } ; allow restorecond_t mysqld_log_t : file { ioctl read getattr lock relabelfrom relabelto } ; dontaudit unconfined_t mysqld_log_t : file getattr ; allow restorecond_t mysqld_etc_t : 
blk_file { getattr relabelfrom } ; allow restorecond_t mysqld_log_t : dir { ioctl read getattr lock relabelfrom relabelto search } ; dontaudit unconfined_t mysqld_log_t : dir { ioctl read getattr lock search } ; allow restorecond_t mysqld_etc_t : sock_file { getattr relabelfrom relabelto } ; dontaudit unconfined_t mysqld_etc_t : sock_file getattr ; allow restorecond_t mysqld_etc_t : fifo_file { getattr relabelfrom relabelto } ; allow restorecond_t mysqld_log_t : lnk_file { getattr relabelfrom relabelto } ; dontaudit unconfined_t mysqld_etc_t : fifo_file getattr ; dontaudit unconfined_t mysqld_log_t : lnk_file getattr ; allow restorecond_t mysqld_log_t : chr_file { getattr relabelfrom } ; allow restorecond_t mysqld_log_t : blk_file { getattr relabelfrom } ; allow restorecond_t mysqld_log_t : sock_file { getattr relabelfrom relabelto } ; dontaudit unconfined_t mysqld_log_t : sock_file getattr ; allow restorecond_t mysqld_log_t : fifo_file { getattr relabelfrom relabelto } ; dontaudit unconfined_t mysqld_log_t : fifo_file getattr ; allow dpkg_t mysqld_exec_t : file { ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open } ; allow dpkg_t mysqld_exec_t : dir { ioctl read write create getattr setattr lock relabelfrom relabelto unlink link rename add_name remove_name reparent search rmdir open } ; allow dpkg_t mysqld_exec_t : lnk_file { read create getattr setattr relabelfrom relabelto unlink rename } ; allow dpkg_t mysqld_exec_t : chr_file { getattr relabelfrom } ; allow dpkg_t mysqld_exec_t : blk_file { getattr relabelfrom } ; allow dpkg_t mysqld_exec_t : sock_file { ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename } ; allow dpkg_t mysqld_exec_t : fifo_file { ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open } ; allow mysqld_t mysqld_db_t : file { ioctl read write create getattr setattr lock append unlink link rename open } ; allow 
mysqld_t mysqld_db_t : dir { ioctl read write create getattr setattr lock unlink link rename add_name remove_name reparent search rmdir open } ; allow mysqld_t mysqld_db_t : lnk_file { read create getattr setattr unlink rename } ; allow @ttr0543 mysqld_t : process { transition noatsecure siginh rlimitinh } ; dontaudit @ttr0543 mysqld_t : process { noatsecure siginh rlimitinh } ; allow mysqld_t mysqld_t : process { fork sigchld sigkill sigstop signull signal getsched setsched setrlimit rlimitinh } ; allow mysqld_t mysqld_t : capability { dac_override setgid setuid net_bind_service sys_resource } ; dontaudit mysqld_t mysqld_t : capability sys_tty_config ; allow mysqld_t mysqld_t : file { ioctl read write getattr lock append } ; allow mysqld_t mysqld_t : dir { ioctl read getattr lock search } ; allow mysqld_t mysqld_t : lnk_file { ioctl read getattr lock } ; allow mysqld_t mysqld_t : fifo_file { read write } ; allow mysqld_t mysqld_t : tcp_socket { ioctl read write create getattr setattr append bind connect listen accept getopt setopt shutdown } ; allow mysqld_t mysqld_t : udp_socket { ioctl read write create getattr setattr append bind connect getopt setopt shutdown } ; allow mysqld_t mysqld_t : unix_stream_socket { ioctl read write create getattr setattr append bind connect listen accept getopt setopt shutdown } ; allow mysqld_t mysqld_t : unix_dgram_socket { ioctl read write create getattr setattr append bind connect getopt setopt shutdown } ; allow mysqld_t sysctl_t : dir { getattr search } ; allow mysqld_t mysqld_t : netlink_route_socket { ioctl read write create getattr setattr append bind connect getopt setopt shutdown nlmsg_read } ; allow mysqld_t cert_t : file { ioctl read getattr lock } ; allow mysqld_t cert_t : dir { ioctl read getattr lock search } ; allow mysqld_t cert_t : lnk_file { read getattr } ; allow mysqld_t mysqld_t : association sendto ; allow mysqld_t init_t : process { sigchld signull } ; dontaudit mysqld_t init_t : fd use ; allow mysqld_t 
lib_t : file { ioctl read getattr lock execute } ; allow mysqld_t lib_t : dir { ioctl read getattr lock search } ; allow mysqld_t lib_t : lnk_file { read getattr } ; allow dpkg_script_t mysqld_var_run_t : file { ioctl read write create getattr setattr lock append unlink link rename open } ; allow dpkg_script_t mysqld_var_run_t : dir { ioctl read write create getattr setattr lock unlink link rename add_name remove_name reparent search rmdir open } ; allow dpkg_script_t mysqld_var_run_t : lnk_file { read create getattr setattr unlink rename } ; allow dpkg_script_t mysqld_var_run_t : sock_file { ioctl read write create getattr setattr lock append unlink link rename } ; allow dpkg_script_t mysqld_var_run_t : fifo_file { ioctl read write create getattr setattr lock append unlink link rename open } ; allow mysqld_t tmp_t : dir { ioctl read write getattr lock add_name remove_name search } ; allow mysqld_t usr_t : file { ioctl read getattr lock } ; allow mysqld_t usr_t : dir { ioctl read getattr lock search } ; allow mysqld_t usr_t : lnk_file { read getattr } ; allow mysqld_t var_t : dir { getattr search } ; dontaudit user_t mysqld_etc_t : file getattr ; dontaudit user_t mysqld_etc_t : dir { ioctl read getattr lock search } ; dontaudit user_t mysqld_etc_t : lnk_file getattr ; dontaudit user_t mysqld_log_t : file getattr ; dontaudit user_t mysqld_log_t : dir { ioctl read getattr lock search } ; dontaudit user_t mysqld_etc_t : sock_file getattr ; dontaudit user_t mysqld_etc_t : fifo_file getattr ; dontaudit user_t mysqld_log_t : lnk_file getattr ; dontaudit user_t mysqld_log_t : sock_file getattr ; dontaudit user_t mysqld_log_t : fifo_file getattr ; allow initrc_t mysqld_exec_t : file { read getattr execute } ; allow restorecond_t mysqld_exec_t : file { ioctl read getattr lock relabelfrom relabelto } ; dontaudit unconfined_t mysqld_exec_t : file getattr ; allow restorecond_t mysqld_exec_t : dir { ioctl read getattr lock relabelfrom relabelto search } ; dontaudit unconfined_t 
mysqld_exec_t : dir { ioctl read getattr lock search } ; allow restorecond_t mysqld_exec_t : lnk_file { getattr relabelfrom relabelto } ; dontaudit unconfined_t mysqld_exec_t : lnk_file getattr ; allow restorecond_t mysqld_exec_t : chr_file { getattr relabelfrom } ; allow restorecond_t mysqld_exec_t : blk_file { getattr relabelfrom } ; allow restorecond_t mysqld_exec_t : sock_file { getattr relabelfrom relabelto } ; dontaudit unconfined_t mysqld_exec_t : sock_file getattr ; allow restorecond_t mysqld_exec_t : fifo_file { getattr relabelfrom relabelto } ; dontaudit unconfined_t mysqld_exec_t : fifo_file getattr ; allow dpkg_t mysqld_db_t : file { ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open } ; allow dpkg_t mysqld_db_t : dir { ioctl read write create getattr setattr lock relabelfrom relabelto unlink link rename add_name remove_name reparent search rmdir open } ; allow httpd_t mysqld_db_t : dir search ; allow dpkg_t mysqld_db_t : lnk_file { read create getattr setattr relabelfrom relabelto unlink rename } ; allow dpkg_t mysqld_db_t : chr_file { getattr relabelfrom } ; allow dpkg_t mysqld_db_t : blk_file { getattr relabelfrom } ; allow dpkg_t mysqld_db_t : sock_file { ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename } ; allow httpd_t mysqld_db_t : sock_file { ioctl read write getattr lock append } ; allow dpkg_t mysqld_db_t : fifo_file { ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open } ; dontaudit staff_t mysqld_tmp_t : file getattr ; dontaudit staff_t mysqld_tmp_t : dir { ioctl read getattr lock search } ; dontaudit staff_t mysqld_tmp_t : lnk_file getattr ; dontaudit staff_t mysqld_tmp_t : sock_file getattr ; dontaudit staff_t mysqld_tmp_t : fifo_file getattr ; allow mysqld_t ldap_port_t : tcp_socket { recv_msg send_msg name_connect } ; allow httpd_t mysqld_t : unix_stream_socket connectto ; allow system_crond_t mysqld_t 
: unix_stream_socket connectto ; dontaudit mysqld_t @ttr0885 : fd use ; allow mysqld_var_run_t mysqld_var_run_t : filesystem associate ; allow mysqld_t dns_port_t : tcp_socket { recv_msg send_msg name_connect } ; allow mysqld_t dns_port_t : udp_socket { recv_msg send_msg } ; allow mysqld_t textrel_shlib_t : file { ioctl read getattr execute execmod } ; allow mysqld_t textrel_shlib_t : lnk_file { read getattr } ; dontaudit user_t mysqld_exec_t : file getattr ; dontaudit user_t mysqld_exec_t : dir { ioctl read getattr lock search } ; dontaudit user_t mysqld_exec_t : lnk_file getattr ; dontaudit user_t mysqld_exec_t : sock_file getattr ; dontaudit user_t mysqld_exec_t : fifo_file getattr ; allow restorecond_t mysqld_db_t : file { ioctl read getattr lock relabelfrom relabelto } ; dontaudit unconfined_t mysqld_db_t : file getattr ; allow httpd_sys_script_t mysqld_db_t : dir search ; allow restorecond_t mysqld_db_t : dir { ioctl read getattr lock relabelfrom relabelto search } ; dontaudit unconfined_t mysqld_db_t : dir { ioctl read getattr lock search } ; allow restorecond_t mysqld_db_t : lnk_file { getattr relabelfrom relabelto } ; dontaudit unconfined_t mysqld_db_t : lnk_file getattr ; allow restorecond_t mysqld_db_t : chr_file { getattr relabelfrom } ; allow restorecond_t mysqld_db_t : blk_file { getattr relabelfrom } ; allow httpd_sys_script_t mysqld_db_t : sock_file { ioctl read write getattr lock append } ; allow restorecond_t mysqld_db_t : sock_file { getattr relabelfrom relabelto } ; dontaudit unconfined_t mysqld_db_t : sock_file getattr ; allow restorecond_t mysqld_db_t : fifo_file { getattr relabelfrom relabelto } ; dontaudit unconfined_t mysqld_db_t : fifo_file getattr ; allow mysqld_t mysqld_tmp_t : file { ioctl read write create getattr setattr lock append unlink link rename open } ; allow mysqld_t mysqld_tmp_t : dir { ioctl read write create getattr setattr lock unlink link rename add_name remove_name reparent search rmdir open } ; dontaudit ftpd_t 
mysqld_port_t : tcp_socket name_bind ; allow ftpd_t mysqld_port_t : tcp_socket name_bind ; dontaudit staff_t mysqld_port_t : udp_socket name_bind ; dontaudit mysqld_t security_t : filesystem getattr ; dontaudit mysqld_t security_t : file { read getattr } ; dontaudit mysqld_t security_t : dir { getattr search } ; allow initrc_t mysqld_t : process transition ; dontaudit initrc_t mysqld_t : process { noatsecure siginh rlimitinh } ; allow initrc_t mysqld_t : unix_stream_socket connectto ; allow httpd_sys_script_t mysqld_t : unix_stream_socket connectto ; allow httpd_php_t mysqld_var_run_t : dir { getattr search } ; allow httpd_php_t mysqld_var_run_t : sock_file { write getattr } ; allow mysqld_db_t mysqld_db_t : filesystem associate ; dontaudit user_t mysqld_db_t : file getattr ; dontaudit user_t mysqld_db_t : dir { ioctl read getattr lock search } ; dontaudit user_t mysqld_db_t : lnk_file getattr ; allow mysqld_t syslogd_t : unix_stream_socket connectto ; allow mysqld_t syslogd_t : unix_dgram_socket sendto ; dontaudit user_t mysqld_db_t : sock_file getattr ; dontaudit user_t mysqld_db_t : fifo_file getattr ; allow dpkg_t mysqld_tmp_t : file { ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open } ; allow dpkg_t mysqld_tmp_t : dir { ioctl read write create getattr setattr lock relabelfrom relabelto unlink link rename add_name remove_name reparent search rmdir open } ; allow mysqld_t var_lib_t : dir { ioctl read write getattr lock add_name remove_name search } ; allow dpkg_t mysqld_tmp_t : lnk_file { read create getattr setattr relabelfrom relabelto unlink rename } ; allow dpkg_t mysqld_tmp_t : chr_file { getattr relabelfrom } ; allow dpkg_t mysqld_tmp_t : blk_file { getattr relabelfrom } ; allow mysqld_t var_run_t : dir { ioctl read write getattr lock add_name remove_name search } ; allow dpkg_t mysqld_tmp_t : sock_file { ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename } ; allow 
dpkg_t mysqld_tmp_t : fifo_file { ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open } ; allow mysqld_t sysadm_home_t : file { ioctl read getattr lock } ; allow mysqld_t sysadm_home_t : dir { ioctl read getattr lock search } ; allow mysqld_t sysadm_home_t : lnk_file { read getattr } ; allow mysqld_t mysqld_port_t : tcp_socket { name_bind name_connect } ; dontaudit sysadm_t mysqld_var_run_t : file getattr ; allow sysadm_t mysqld_var_run_t : file { ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open } ; dontaudit sysadm_t mysqld_var_run_t : dir { ioctl read getattr lock search } ; allow sysadm_t mysqld_var_run_t : dir { ioctl read write create getattr setattr lock relabelfrom relabelto unlink link rename add_name remove_name reparent search rmdir open } ; dontaudit sysadm_t mysqld_var_run_t : lnk_file getattr ; allow sysadm_t mysqld_var_run_t : lnk_file { read create getattr setattr relabelfrom relabelto unlink rename } ; allow sysadm_t mysqld_var_run_t : chr_file { getattr relabelfrom } ; allow sysadm_t mysqld_var_run_t : blk_file { getattr relabelfrom } ; dontaudit sysadm_t mysqld_var_run_t : sock_file getattr ; allow sysadm_t mysqld_var_run_t : sock_file { ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename } ; dontaudit sysadm_t mysqld_var_run_t : fifo_file getattr ; allow sysadm_t mysqld_var_run_t : fifo_file { ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open } ; allow dpkg_script_t mysqld_etc_t : file { ioctl read write create getattr setattr lock append unlink link rename open } ; allow dpkg_script_t mysqld_etc_t : dir { ioctl read write create getattr setattr lock unlink link rename add_name remove_name reparent search rmdir open } ; allow dpkg_script_t mysqld_etc_t : lnk_file { read create getattr setattr unlink rename } ; allow dpkg_script_t mysqld_log_t : file { ioctl read 
write create getattr setattr lock append unlink link rename open } ; allow dpkg_script_t mysqld_log_t : dir { ioctl read write create getattr setattr lock unlink link rename add_name remove_name reparent search rmdir open } ; allow dpkg_script_t mysqld_etc_t : sock_file { ioctl read write create getattr setattr lock append unlink link rename } ; allow dpkg_script_t mysqld_etc_t : fifo_file { ioctl read write create getattr setattr lock append unlink link rename open } ; allow dpkg_script_t mysqld_log_t : lnk_file { read create getattr setattr unlink rename } ; allow dpkg_script_t mysqld_log_t : sock_file { ioctl read write create getattr setattr lock append unlink link rename } ; allow dpkg_script_t mysqld_log_t : fifo_file { ioctl read write create getattr setattr lock append unlink link rename open } ; allow restorecond_t mysqld_tmp_t : file { ioctl read getattr lock relabelfrom relabelto } ; dontaudit unconfined_t mysqld_tmp_t : file getattr ; allow restorecond_t mysqld_tmp_t : dir { ioctl read getattr lock relabelfrom relabelto search } ; dontaudit unconfined_t mysqld_tmp_t : dir { ioctl read getattr lock search } ; allow restorecond_t mysqld_tmp_t : lnk_file { getattr relabelfrom relabelto } ; dontaudit unconfined_t mysqld_tmp_t : lnk_file getattr ; allow restorecond_t mysqld_tmp_t : chr_file { getattr relabelfrom } ; allow restorecond_t mysqld_tmp_t : blk_file { getattr relabelfrom } ; allow restorecond_t mysqld_tmp_t : sock_file { getattr relabelfrom relabelto } ; dontaudit unconfined_t mysqld_tmp_t : sock_file getattr ; allow restorecond_t mysqld_tmp_t : fifo_file { getattr relabelfrom relabelto } ; dontaudit unconfined_t mysqld_tmp_t : fifo_file getattr ; allow dpkg_script_t mysqld_exec_t : file { ioctl read write create getattr setattr lock append unlink link rename open } ; allow dpkg_script_t mysqld_exec_t : dir { ioctl read write create getattr setattr lock unlink link rename add_name remove_name reparent search rmdir open } ; allow dpkg_script_t 
mysqld_exec_t : lnk_file { read create getattr setattr unlink rename } ; allow dpkg_script_t mysqld_exec_t : sock_file { ioctl read write create getattr setattr lock append unlink link rename } ; allow dpkg_script_t mysqld_exec_t : fifo_file { ioctl read write create getattr setattr lock append unlink link rename open } ; dontaudit user_t mysqld_tmp_t : file getattr ; dontaudit user_t mysqld_tmp_t : dir { ioctl read getattr lock search } ; dontaudit user_t mysqld_tmp_t : lnk_file getattr ; dontaudit user_t mysqld_tmp_t : sock_file getattr ; dontaudit user_t mysqld_tmp_t : fifo_file getattr ; allow dpkg_script_t mysqld_db_t : file { ioctl read write create getattr setattr lock append unlink link rename open } ; allow dpkg_script_t mysqld_db_t : dir { ioctl read write create getattr setattr lock unlink link rename add_name remove_name reparent search rmdir open } ; allow dpkg_script_t mysqld_db_t : lnk_file { read create getattr setattr unlink rename } ; allow dpkg_script_t mysqld_db_t : sock_file { ioctl read write create getattr setattr lock append unlink link rename } ; allow dpkg_script_t mysqld_db_t : fifo_file { ioctl read write create getattr setattr lock append unlink link rename open } ; dontaudit user_t mysqld_port_t : udp_socket name_bind ; allow logrotate_t mysqld_var_run_t : dir { getattr search } ; allow logrotate_t mysqld_var_run_t : sock_file { write getattr } ; dontaudit sysadm_t mysqld_etc_t : file getattr ; allow sysadm_t mysqld_etc_t : file { ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open } ; dontaudit sysadm_t mysqld_etc_t : dir { ioctl read getattr lock search } ; allow sysadm_t mysqld_etc_t : dir { ioctl read write create getattr setattr lock relabelfrom relabelto unlink link rename add_name remove_name reparent search rmdir open } ; dontaudit sysadm_t mysqld_etc_t : lnk_file getattr ; allow sysadm_t mysqld_etc_t : lnk_file { read create getattr setattr relabelfrom relabelto unlink rename } ; 
allow sysadm_t mysqld_etc_t : chr_file { getattr relabelfrom } ; dontaudit sysadm_t mysqld_log_t : file getattr ; allow sysadm_t mysqld_log_t : file { ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open } ; allow sysadm_t mysqld_etc_t : blk_file { getattr relabelfrom } ; dontaudit sysadm_t mysqld_log_t : dir { ioctl read getattr lock search } ; allow sysadm_t mysqld_log_t : dir { ioctl read write create getattr setattr lock relabelfrom relabelto unlink link rename add_name remove_name reparent search rmdir open } ; dontaudit sysadm_t mysqld_etc_t : sock_file getattr ; allow sysadm_t mysqld_etc_t : sock_file { ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename } ; dontaudit sysadm_t mysqld_etc_t : fifo_file getattr ; allow sysadm_t mysqld_etc_t : fifo_file { ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open } ; dontaudit sysadm_t mysqld_log_t : lnk_file getattr ; allow sysadm_t mysqld_log_t : lnk_file { read create getattr setattr relabelfrom relabelto unlink rename } ; allow sysadm_t mysqld_log_t : chr_file { getattr relabelfrom } ; allow sysadm_t mysqld_log_t : blk_file { getattr relabelfrom } ; dontaudit sysadm_t mysqld_log_t : sock_file getattr ; allow sysadm_t mysqld_log_t : sock_file { ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename } ; dontaudit sysadm_t mysqld_log_t : fifo_file getattr ; allow sysadm_t mysqld_log_t : fifo_file { ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open } ; allow mysqld_tmp_t mysqld_tmp_t : filesystem associate ; dontaudit sysadm_t mysqld_exec_t : file getattr ; allow sysadm_t mysqld_exec_t : file { ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open } ; dontaudit sysadm_t mysqld_exec_t : dir { ioctl read getattr lock search } ; allow sysadm_t mysqld_exec_t : dir 
{ ioctl read write create getattr setattr lock relabelfrom relabelto unlink link rename add_name remove_name reparent search rmdir open } ; dontaudit sysadm_t mysqld_exec_t : lnk_file getattr ; allow sysadm_t mysqld_exec_t : lnk_file { read create getattr setattr relabelfrom relabelto unlink rename } ; allow sysadm_t mysqld_exec_t : chr_file { getattr relabelfrom } ; allow sysadm_t mysqld_exec_t : blk_file { getattr relabelfrom } ; dontaudit sysadm_t mysqld_exec_t : sock_file getattr ; allow sysadm_t mysqld_exec_t : sock_file { ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename } ; dontaudit sysadm_t mysqld_exec_t : fifo_file getattr ; allow sysadm_t mysqld_exec_t : fifo_file { ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open } ; allow dpkg_script_t mysqld_tmp_t : file { ioctl read write create getattr setattr lock append unlink link rename open } ; allow dpkg_script_t mysqld_tmp_t : dir { ioctl read write create getattr setattr lock unlink link rename add_name remove_name reparent search rmdir open } ; allow dpkg_script_t mysqld_tmp_t : lnk_file { read create getattr setattr unlink rename } ; allow dpkg_script_t mysqld_tmp_t : sock_file { ioctl read write create getattr setattr lock append unlink link rename } ; allow dpkg_script_t mysqld_tmp_t : fifo_file { ioctl read write create getattr setattr lock append unlink link rename open } ; allow httpd_php_t mysqld_t : unix_stream_socket connectto ; dontaudit sysadm_t mysqld_db_t : file getattr ; allow sysadm_t mysqld_db_t : file { ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open } ; dontaudit sysadm_t mysqld_db_t : dir { ioctl read getattr lock search } ; allow sysadm_t mysqld_db_t : dir { ioctl read write create getattr setattr lock relabelfrom relabelto unlink link rename add_name remove_name reparent search rmdir open } ; dontaudit sysadm_t mysqld_db_t : lnk_file getattr ; 
allow sysadm_t mysqld_db_t : lnk_file { read create getattr setattr relabelfrom relabelto unlink rename } ; allow sysadm_t mysqld_db_t : chr_file { getattr relabelfrom } ; allow sysadm_t mysqld_db_t : blk_file { getattr relabelfrom } ; dontaudit sysadm_t mysqld_db_t : sock_file getattr ; allow sysadm_t mysqld_db_t : sock_file { ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename } ; dontaudit sysadm_t mysqld_db_t : fifo_file getattr ; allow sysadm_t mysqld_db_t : fifo_file { ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open } ; allow sysadm_t mysqld_t : unix_stream_socket connectto ; allow mysqld_log_t tmpfs_t : filesystem associate ; dontaudit staff_t mysqld_var_run_t : file getattr ; dontaudit staff_t mysqld_var_run_t : dir { ioctl read getattr lock search } ; dontaudit staff_t mysqld_var_run_t : lnk_file getattr ; dontaudit staff_t mysqld_var_run_t : sock_file getattr ; dontaudit staff_t mysqld_var_run_t : fifo_file getattr ; allow mysqld_etc_t mysqld_etc_t : filesystem associate ; allow logrotate_t mysqld_etc_t : file { read getattr } ; allow logrotate_t mysqld_etc_t : dir { read getattr search } ; allow logrotate_t mysqld_etc_t : lnk_file { read getattr } ; allow mysqld_t etc_runtime_t : file { ioctl read getattr lock } ; allow mysqld_t etc_runtime_t : lnk_file { read getattr } ; allow mysqld_t mysqld_var_run_t : file { ioctl read write create getattr setattr lock append unlink link rename open } ; allow mysqld_t mysqld_var_run_t : dir { ioctl read write getattr lock add_name remove_name search } ; allow mysqld_t mysqld_var_run_t : sock_file { ioctl read write create getattr setattr lock append unlink link rename } ; allow mysqld_t @ttr0025 : fd use ; allow mysqld_log_t mysqld_log_t : filesystem associate ; allow mysqld_exec_t mysqld_exec_t : filesystem associate ; allow mysqld_t @ttr0043 : tcp_socket node_bind ; allow mysqld_t @ttr0043 : node { tcp_recv tcp_send udp_recv 
udp_send recvfrom sendto } ; allow mysqld_t unlabeled_t : tcp_socket recvfrom ; allow mysqld_t unlabeled_t : udp_socket recvfrom ; allow mysqld_t dns_client_packet_t : packet { send recv } ; allow mysqld_t unlabeled_t : rawip_socket recvfrom ; dontaudit sysadm_t mysqld_tmp_t : file getattr ; allow sysadm_t mysqld_tmp_t : file { ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open } ; dontaudit sysadm_t mysqld_tmp_t : dir { ioctl read getattr lock search } ; allow sysadm_t mysqld_tmp_t : dir { ioctl read write create getattr setattr lock relabelfrom relabelto unlink link rename add_name remove_name reparent search rmdir open } ; dontaudit sysadm_t mysqld_tmp_t : lnk_file getattr ; allow sysadm_t mysqld_tmp_t : lnk_file { read create getattr setattr relabelfrom relabelto unlink rename } ; allow sysadm_t mysqld_tmp_t : chr_file { getattr relabelfrom } ; allow sysadm_t mysqld_tmp_t : blk_file { getattr relabelfrom } ; dontaudit sysadm_t mysqld_tmp_t : sock_file getattr ; allow sysadm_t mysqld_tmp_t : sock_file { ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename } ; dontaudit sysadm_t mysqld_tmp_t : fifo_file getattr ; allow sysadm_t mysqld_tmp_t : fifo_file { ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open } ; allow mysqld_t unlabeled_t : association { sendto recvfrom } ; allow mysqld_t @ttr0058 : tcp_socket { recv_msg send_msg } ; allow mysqld_t @ttr0058 : udp_socket { recv_msg send_msg } ; allow mysqld_t unlabeled_t : packet { send recv } ; allow mysqld_t unlabeled_t : peer recv ; allow mysqld_t sysadm_home_dir_t : dir { ioctl read getattr lock search } ; allow httpd_sysadm_script_t mysqld_client_packet_t : packet { send recv } ; allow ftpd_t mysqld_etc_t : file { ioctl read write create getattr setattr lock append unlink link rename open } ; allow ftpd_t mysqld_etc_t : dir { ioctl read write create getattr setattr lock unlink link 
rename add_name remove_name reparent search rmdir open } ; allow ftpd_t mysqld_etc_t : lnk_file { read create getattr setattr unlink rename } ; allow ftpd_t mysqld_log_t : file { ioctl read write create getattr setattr lock append unlink link rename open } ; allow ftpd_t mysqld_log_t : dir { ioctl read write create getattr setattr lock unlink link rename add_name remove_name reparent search rmdir open } ; allow ftpd_t mysqld_etc_t : sock_file { ioctl read write create getattr setattr lock append unlink link rename } ; allow ftpd_t mysqld_etc_t : fifo_file { ioctl read write create getattr setattr lock append unlink link rename open } ; allow ftpd_t mysqld_log_t : lnk_file { read create getattr setattr unlink rename } ; allow ftpd_t mysqld_log_t : sock_file { ioctl read write create getattr setattr lock append unlink link rename } ; allow ftpd_t mysqld_log_t : fifo_file { ioctl read write create getattr setattr lock append unlink link rename open } ; allow user_t mysqld_var_run_t : dir { getattr search } ; allow user_t mysqld_var_run_t : sock_file { write getattr } ; allow ftpd_t mysqld_exec_t : file { ioctl read write create getattr setattr lock append unlink link rename open } ; allow ftpd_t mysqld_exec_t : dir { ioctl read write create getattr setattr lock unlink link rename add_name remove_name reparent search rmdir open } ; allow ftpd_t mysqld_exec_t : lnk_file { read create getattr setattr unlink rename } ; allow ftpd_t mysqld_exec_t : sock_file { ioctl read write create getattr setattr lock append unlink link rename } ; allow ftpd_t mysqld_exec_t : fifo_file { ioctl read write create getattr setattr lock append unlink link rename open } ; allow ftpd_t mysqld_db_t : file { ioctl read write create getattr setattr lock append unlink link rename open } ; allow ftpd_t mysqld_db_t : dir { ioctl read write create getattr setattr lock unlink link rename add_name remove_name reparent search rmdir open } ; allow ftpd_t mysqld_db_t : lnk_file { read create getattr 
setattr unlink rename } ; allow ftpd_t mysqld_db_t : sock_file { ioctl read write create getattr setattr lock append unlink link rename } ; allow ftpd_t mysqld_db_t : fifo_file { ioctl read write create getattr setattr lock append unlink link rename open } ; allow httpd_sysadm_script_t mysqld_port_t : tcp_socket name_connect ; allow staff_t mysqld_t : unix_stream_socket connectto ; allow httpd_user_script_t mysqld_client_packet_t : packet { send recv } ; allow httpd_t mysqld_client_packet_t : packet { send recv } ; allow ftpd_t mysqld_tmp_t : file { ioctl read write create getattr setattr lock append unlink link rename open } ; allow ftpd_t mysqld_tmp_t : dir { ioctl read write create getattr setattr lock unlink link rename add_name remove_name reparent search rmdir open } ; allow ftpd_t mysqld_tmp_t : lnk_file { read create getattr setattr unlink rename } ; allow ftpd_t mysqld_tmp_t : sock_file { ioctl read write create getattr setattr lock append unlink link rename } ; allow ftpd_t mysqld_tmp_t : fifo_file { ioctl read write create getattr setattr lock append unlink link rename open } ; allow httpd_staff_script_t mysqld_client_packet_t : packet { send recv } ; allow httpd_sys_script_t mysqld_client_packet_t : packet { send recv } ; dontaudit staff_t mysqld_port_t : tcp_socket name_bind ; allow mount_t mysqld_var_run_t : file { ioctl read getattr lock mounton } ; allow mount_t mysqld_var_run_t : dir { ioctl read getattr lock mounton search } ; allow user_t mysqld_t : unix_stream_socket connectto ; allow sysadm_t mysqld_var_run_t : dir { getattr search } ; allow sysadm_t mysqld_var_run_t : sock_file { write getattr } ; allow httpd_user_script_t mysqld_port_t : tcp_socket name_connect ; allow httpd_t mysqld_port_t : tcp_socket name_connect ; allow httpd_staff_script_t mysqld_port_t : tcp_socket name_connect ; allow httpd_sys_script_t mysqld_port_t : tcp_socket name_connect ; allow mount_t mysqld_etc_t : file { ioctl read getattr lock mounton } ; allow mount_t 
mysqld_etc_t : dir { ioctl read getattr lock mounton search } ; allow mount_t mysqld_log_t : file { ioctl read getattr lock mounton } ; allow mount_t mysqld_log_t : dir { ioctl read getattr lock mounton search } ; dontaudit user_t mysqld_port_t : tcp_socket name_bind ; allow httpd_unconfined_script_t mysqld_client_packet_t : packet { send recv } ; allow mount_t mysqld_exec_t : file { ioctl read getattr lock mounton } ; allow mount_t mysqld_exec_t : dir { ioctl read getattr lock mounton search } ; allow mount_t mysqld_db_t : file { ioctl read getattr lock mounton } ; allow mount_t mysqld_db_t : dir { ioctl read getattr lock mounton search } ; allow sysadm_t mysqld_t : unix_stream_socket connectto ; allow ftpd_t mysqld_var_run_t : file { ioctl read write create getattr setattr lock append unlink link rename open } ; allow ftpd_t mysqld_var_run_t : dir { ioctl read write create getattr setattr lock unlink link rename add_name remove_name reparent search rmdir open } ; allow staff_t mysqld_var_run_t : dir { getattr search } ; allow ftpd_t mysqld_var_run_t : lnk_file { read create getattr setattr unlink rename } ; allow ftpd_t mysqld_var_run_t : sock_file { ioctl read write create getattr setattr lock append unlink link rename } ; allow staff_t mysqld_var_run_t : sock_file { write getattr } ; allow ftpd_t mysqld_var_run_t : fifo_file { ioctl read write create getattr setattr lock append unlink link rename open } ; allow mount_t mysqld_tmp_t : file { ioctl read getattr lock mounton } ; allow mount_t mysqld_tmp_t : dir { ioctl read getattr lock mounton search } ; allow httpd_unconfined_script_t mysqld_port_t : tcp_socket name_connect ; type_transition mysqld_t var_log_t : file mysqld_log_t; type_transition mysqld_t tmp_t : file mysqld_tmp_t; type_transition mysqld_t tmp_t : dir mysqld_tmp_t; type_transition initrc_t mysqld_exec_t : process mysqld_t; type_transition unconfined_t mysqld_exec_t : process mysqld_t; type_transition mysqld_t var_lib_t : file mysqld_db_t; 
type_transition mysqld_t var_lib_t : dir mysqld_db_t; type_transition mysqld_t var_run_t : file mysqld_var_run_t; type_transition mysqld_t var_run_t : sock_file mysqld_var_run_t; type_transition sysadm_t mysqld_exec_t : process mysqld_t; role_transition sysadm_r mysqld_exec_t system_r; role_transition unconfined_r mysqld_exec_t system_r;
Attachment:
mysql.policy.sig
Description: Binary data