Re: mysql_upgrade selinux issues


If I do that, I would be giving mysqld_t the ability to run any binary
labeled with bin_t. There has got to be a better option; that would open
it up too much.


On 11-01-14 09:31, Dominick Grift wrote:
> On 01/14/2011 03:28 PM, Luciano Furtado wrote:
> 
>> when I run audit2allow I get the following:
> 
>> #============= mysqld_t ==============
>> allow mysqld_t bin_t:dir search;
>> allow mysqld_t bin_t:file { read execute };
>> allow mysqld_t bin_t:lnk_file read;
>> allow mysqld_t shell_exec_t:file { read execute getattr
>> execute_no_trans };
> 
> I would probably just allow the above. Looks like it wants to run the mysql
> command, which I guess is labelled bin_t.
> 
> corecmd_exec_bin(mysqld_t)
> corecmd_exec_shell(mysqld_t)
> 
> should suffice, I believe
> 
>> What's the proper fix here? I don't want to give the mysqld_t permission
>> to execute arbitrary scripts. The only solution I have right now is to
>> relabel mysql_upgrade so it runs as unconfined, and that's not much of
>> a solution.
> 
> 
> 
> 
> 
>> Best Regards.
>> Luciano
> 
--
selinux mailing list
selinux@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/selinux
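
An added example (not part of the thread, and not code from any SELinux project): a Python check that parses the audit2allow output quoted in the message above and reports the rules that would let a domain execute files of catch-all types such as bin_t, which is the concern raised in the reply. The `BROAD_EXEC_TYPES` set and the function names are assumptions of this example.

```python
import re

# Assumption of this example: types that label many unrelated programs, so
# execute access to them covers far more than the one binary that was denied.
BROAD_EXEC_TYPES = {"bin_t", "shell_exec_t"}
EXEC_PERMS = {"execute", "execute_no_trans"}

# allow <source> <target>:<class> <perm>;   or   ... { perm perm ... };
RULE_RE = re.compile(r"allow\s+(\S+)\s+(\S+):(\S+)\s+(\{[^}]*\}|\S+)\s*;")

def parse_allow_rules(text):
    """Return (source, target, class, perms) tuples from audit2allow output."""
    # Drop comment lines, then join the rest so wrapped rules still match.
    body = " ".join(line for line in text.splitlines()
                    if not line.lstrip().startswith("#"))
    return [(src, tgt, cls, frozenset(perms.strip("{}").split()))
            for src, tgt, cls, perms in RULE_RE.findall(body)]

def broad_exec_grants(rules):
    """Return (source, target, exec_perms) for file rules on broad types."""
    findings = []
    for src, tgt, cls, perms in rules:
        hit = perms & EXEC_PERMS
        if cls == "file" and tgt in BROAD_EXEC_TYPES and hit:
            findings.append((src, tgt, sorted(hit)))
    return findings

# The audit2allow output from the thread, with the mail quote markers removed.
SAMPLE = """\
#============= mysqld_t ==============
allow mysqld_t bin_t:dir search;
allow mysqld_t bin_t:file { read execute };
allow mysqld_t bin_t:lnk_file read;
allow mysqld_t shell_exec_t:file { read execute getattr
execute_no_trans };
"""

if __name__ == "__main__":
    for src, tgt, perms in broad_exec_grants(parse_allow_rules(SAMPLE)):
        print(f"review before loading: {src} -> {tgt}:file {' '.join(perms)}")
```
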

