-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 01/07/2012 12:26 AM, Marcio B. Jr. wrote: > Hi, I'm incurring some problems with MySQL and SELinux, and I need > help. > > Running a 64-bit Fedora 12 with mysql-server-5.1.47-2.fc12.x86_64. > > $ ps -eZ | grep mysqld system_u:system_r:mysqld_safe_t:s0 1321 ? > 00:00:00 mysqld_safe system_u:system_r:mysqld_t:s0 1410 ? > 00:00:01 mysqld > > My problem is: it is only possible to use "LOAD DATA INFILE" > statement if SELinux is in its permissive state. > > Strangely, logs below show no avc denial (all I can tell from them > is Chinese tried to break into, and last line probably refers to > when I added mysql user to some group I created). But statement > won't work in enforcing state. Nothing gives me any tip concerning > the referred MySQL statement issue. > > # cat /var/log/audit/audit.log | grep mysql type=USER_LOGIN > msg=audit(1305401554.802:34): user pid=2229 uid=0 auid=4294967295 > ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 > msg='op=login acct="mysql" exe="/usr/sbin/sshd" hostname=? > addr=218.241.236.69 terminal=sshd res=failed' type=USER_LOGIN > msg=audit(1305401556.759:36): user pid=2229 uid=0 auid=4294967295 > ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 > msg='op=login acct="mysql" exe="/usr/sbin/sshd" hostname=? > addr=218.241.236.69 terminal=sshd res=failed' type=USER_LOGIN > msg=audit(1305404558.850:1653): user pid=3709 uid=0 auid=4294967295 > ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 > msg='op=login acct="mysql" exe="/usr/sbin/sshd" hostname=? > addr=218.241.236.69 terminal=sshd res=failed' type=USER_LOGIN > msg=audit(1305404560.536:1655): user pid=3709 uid=0 auid=4294967295 > ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 > msg='op=login acct="mysql" exe="/usr/sbin/sshd" hostname=? > addr=218.241.236.69 terminal=sshd res=failed' type=USER_LOGIN > msg=audit(1305404563.834:1656): user pid=3711 uid=0 auid=4294967295 > ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 > msg='op=login acct="mysql" exe="/usr/sbin/sshd" hostname=? > addr=218.241.236.69 terminal=sshd res=failed' type=USER_LOGIN > msg=audit(1305404566.207:1658): user pid=3711 uid=0 auid=4294967295 > ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 > msg='op=login acct="mysql" exe="/usr/sbin/sshd" hostname=? > addr=218.241.236.69 terminal=sshd res=failed' type=ADD_GROUP > msg=audit(1322849937.081:18): user pid=1989 uid=0 auid=4294967295 > ses=4294967295 subj=system_u:system_r:useradd_t:s0-s0:c0.c1023 > msg='op=adding group acct="mysql" exe="/usr/sbin/useradd" > hostname=? addr=? terminal=? res=success' > > Firstly, where could that avc denial be in? > > And, well, I want to keep SELinux enforcing its policies, except > for what is needed in order to make "LOAD DATA INFILE" work. > > So, what would be the proper way to achieve that? > > > Marcio Barbado, Jr. -- selinux mailing list > selinux@xxxxxxxxxxxxxxxxxxxxxxx > https://admin.fedoraproject.org/mailman/listinfo/selinux > > Please update to a supported OS, F15 or 16. 12 is way out of date. Nothing in your log indicates SELinux is blocking anything. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk8LISQACgkQrlYvE4MpobNWuACgli4K9/DQnQ7rCrw4qblL1jty vvIAnAyQ4YEW1kbHU0j+MWCXao5ggBvR =Bbnw -----END PGP SIGNATURE----- -- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/selinux
