On 02/05/2013 08:27 AM, Daniel J Walsh wrote:
> On 02/04/2013 09:53 PM, Lakshmipathi.G wrote:
>> Hi - I have a restricted account with guest_u. How to provide mysql
>> access to guest_u without breaking other services?
>>
>> I tried "setsebool -P allow_user_mysql_connect 1"
>>
>> Still it says - ERROR 2002 (HY000): Can't connect to local MySQL server
>> through socket '/var/lib/mysql/mysql.sock' (13)
>>
>> Thanks for help.
>>
>> --
>> ----
>> Cheers,
>> Lakshmipathi.G
>> FOSS Programmer.
>> www.giis.co.in <http://www.giis.co.in>
>>
>> --
>> selinux mailing list
>> selinux@xxxxxxxxxxxxxxxxxxxxxxx
>> https://admin.fedoraproject.org/mailman/listinfo/selinux
>
> I would add a custom policy module
>
> policy_module(myguest, 1.0)
>
> gen_require(`
>     type guest_t;
> ')
>
> mysql_stream_connect(guest_t)

I guess Dominic beat me to it.

Currently the allow_user booleans do not affect guest_u or xguest_u,
because I want them as locked down as possible. The way to adjust their
policy is through custom policy rules, or you could generate a new user
type using sepolicy generate (selinux-polgengui) guest_mysql_u.
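
Added example, not part of the original messages: one way to build, load and check the custom module suggested above. It assumes selinux-policy-devel (for /usr/share/selinux/devel/Makefile) and setools (for sesearch) are installed; the script name, the "install" argument and the work directory are placeholders chosen for this example.

```shell
#!/bin/sh
# Added example: build, load and verify the "myguest" module from the thread.
# Assumptions: selinux-policy-devel and setools are installed; the work
# directory and the "install" argument are placeholders for this example.

DEVEL_MAKEFILE=/usr/share/selinux/devel/Makefile

# Write the type-enforcement source as given in the reply.
write_myguest_te() {
    dir=$1
    mkdir -p "$dir" || return 1
    cat > "$dir/myguest.te" <<'EOF'
policy_module(myguest, 1.0)

gen_require(`
    type guest_t;
')

# Let guest_t connect to the mysqld unix stream socket.
mysql_stream_connect(guest_t)
EOF
}

# Compile the .te into a .pp package and load it (needs root).
build_and_load() {
    dir=$1
    [ -f "$DEVEL_MAKEFILE" ] || { echo "install selinux-policy-devel" >&2; return 1; }
    ( cd "$dir" && make -f "$DEVEL_MAKEFILE" myguest.pp ) || return 1
    semodule -i "$dir/myguest.pp"
}

# Check that the loaded policy lets guest_t connectto mysqld_t's stream socket.
verify_rule() {
    sesearch -A -s guest_t -t mysqld_t -c unix_stream_socket -p connectto \
        | grep -q connectto
}

# Run the whole procedure only when asked to: sh myguest.sh install [dir]
if [ "${1:-}" = "install" ]; then
    workdir=${2:-./myguest-module}
    write_myguest_te "$workdir" && build_and_load "$workdir" && verify_rule \
        && echo "guest_t may now connect to the mysqld socket"
fi
```

The module only adds the one mysql_stream_connect rule, so the allow_user booleans and the rest of the guest_t confinement stay as they were; `semodule -r myguest` removes it again.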