MySQL's LOAD DATA INFILE statement

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Hi,
I'm incurring some problems with MySQL and SELinux, and I need help.

Running a 64-bit Fedora 12 with mysql-server-5.1.47-2.fc12.x86_64.

$ ps -eZ | grep mysqld
system_u:system_r:mysqld_safe_t:s0 1321 ?      00:00:00 mysqld_safe
system_u:system_r:mysqld_t:s0    1410 ?        00:00:01 mysqld

My problem is:
it is only possible to use "LOAD DATA INFILE" statement if SELinux is
in its permissive state.

Strangely, logs below show no avc denial (all I can tell from them is
Chinese tried to break into, and last line probably refers to when I
added mysql user to some group I created). But statement won't work in
enforcing state. Nothing gives me any tip concerning the referred
MySQL statement issue.

# cat /var/log/audit/audit.log | grep mysql
type=USER_LOGIN msg=audit(1305401554.802:34): user pid=2229 uid=0
auid=4294967295 ses=4294967295
subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login
acct="mysql" exe="/usr/sbin/sshd" hostname=? addr=218.241.236.69
terminal=sshd res=failed'
type=USER_LOGIN msg=audit(1305401556.759:36): user pid=2229 uid=0
auid=4294967295 ses=4294967295
subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login
acct="mysql" exe="/usr/sbin/sshd" hostname=? addr=218.241.236.69
terminal=sshd res=failed'
type=USER_LOGIN msg=audit(1305404558.850:1653): user pid=3709 uid=0
auid=4294967295 ses=4294967295
subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login
acct="mysql" exe="/usr/sbin/sshd" hostname=? addr=218.241.236.69
terminal=sshd res=failed'
type=USER_LOGIN msg=audit(1305404560.536:1655): user pid=3709 uid=0
auid=4294967295 ses=4294967295
subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login
acct="mysql" exe="/usr/sbin/sshd" hostname=? addr=218.241.236.69
terminal=sshd res=failed'
type=USER_LOGIN msg=audit(1305404563.834:1656): user pid=3711 uid=0
auid=4294967295 ses=4294967295
subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login
acct="mysql" exe="/usr/sbin/sshd" hostname=? addr=218.241.236.69
terminal=sshd res=failed'
type=USER_LOGIN msg=audit(1305404566.207:1658): user pid=3711 uid=0
auid=4294967295 ses=4294967295
subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login
acct="mysql" exe="/usr/sbin/sshd" hostname=? addr=218.241.236.69
terminal=sshd res=failed'
type=ADD_GROUP msg=audit(1322849937.081:18): user pid=1989 uid=0
auid=4294967295 ses=4294967295
subj=system_u:system_r:useradd_t:s0-s0:c0.c1023 msg='op=adding group
acct="mysql" exe="/usr/sbin/useradd" hostname=? addr=? terminal=?
res=success'

Firstly, where could that avc denial be in?

And, well, I want to keep SELinux enforcing its policies, except for
what is needed in order to make "LOAD DATA INFILE" work.

So, what would be the proper way to achieve that?


Marcio Barbado, Jr.
--
selinux mailing list
selinux@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/selinux
[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Big List of Linux Books]     [Yosemite News]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux