On 2023-05-18 10:39 Zdenek Pytela wrote:
httpd can only read and write mysql sockets, so far there was no need to allow other interactions.
Hi Zdenek, ok, so it is not an error or misconfiguration on my part.
You can change the value of datadir in mysql configuration.
Yeah, I have taken this approach.
Otherwise, as in all such changes, you need to create a local policy to back that change. It can be as easy as

f38# cat local_mysqld_symlink.cil
(allow httpd_t mysqld_db_t (lnk_file (getattr read)))
f38# semodule -i local_mysqld_symlink.cil

When I need to do local policy customizations I generally run audit2allow, whose output is (if I am not mistaken) in a different format than CIL. Is there any documentation on both format types and their differences?
Thanks.

-- 
Danti Gionatan
Technical Support
Assyoma S.r.l. - www.assyoma.it
email: g.danti@xxxxxxxxxx - info@xxxxxxxxxx
GPG public key ID: FF5F32A8
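
To make the format question above concrete, here is an added example (not part of the original thread, and not a tool shipped with SELinux) that rewrites the allow rules of a policy-language .te listing, the format audit2allow prints, as CIL statements. The function names and the sample listing are constructed for illustration; only plain allow rules are handled.

```python
import re

# One policy-language allow rule as audit2allow prints it:
#   allow SRC TGT:CLASS PERM;   or   allow SRC TGT:{ C1 C2 } { P1 P2 };
ALLOW_RE = re.compile(
    r"^allow\s+(\S+)\s+([^\s:]+)\s*:\s*(\{[^}]*\}|\S+)\s+(\{[^}]*\}|[^\s;]+)\s*;$"
)

def _items(token):
    """Names in 'x' or '{ x y }' as a list."""
    return token.strip("{} \t").split()

def te_to_cil(te_text):
    """Translate the allow rules of a .te listing into CIL statements.

    The module line, the require block and comments are skipped; any other
    line that is not a plain allow rule raises ValueError, so nothing is
    dropped silently.
    """
    cil, in_require = [], False
    for raw in te_text.splitlines():
        line = raw.strip()
        if in_require:                      # inside require { ... }
            in_require = line != "}"
            continue
        if line.startswith("require"):
            in_require = True
            continue
        if not line or line.startswith(("#", "module ")):
            continue
        m = ALLOW_RE.match(line)
        if not m:
            raise ValueError(f"unsupported statement: {line!r}")
        src, tgt = m.group(1), m.group(2)
        classes, perms = _items(m.group(3)), _items(m.group(4))
        if any(p == "*" or p.startswith("~") for p in perms):
            raise ValueError(f"'*' and '~' permission sets not handled: {line!r}")
        # A CIL allow names one class, so a class set becomes one rule per class.
        for cls in classes:
            cil.append(f"(allow {src} {tgt} ({cls} ({' '.join(perms)})))")
    return cil

# Constructed sample in the shape of audit2allow module output for the thread's rule.
SAMPLE_TE = """\
module local_mysqld_symlink 1.0;
require {
    type httpd_t;
    type mysqld_db_t;
    class lnk_file { getattr read };
}
#============= httpd_t ==============
allow httpd_t mysqld_db_t:lnk_file { getattr read };
"""
```

Running te_to_cil(SAMPLE_TE) yields the same single statement as the local_mysqld_symlink.cil file quoted in the message.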