Hi,
Today I have updated a CentOS 6.8 system that has MariaDB-server installed
from
http://yum.mariadb.org/5.5/centos6-amd64 and found that I had an SELinux
issue. I know this is not really CentOS related, but thought I would check
if anyone else on this list uses this repository and has also seen a
problem ?
Using the information at https://wiki.centos.org/HowTos/SELinux I have
created a local policy that seems to fix things
module marialocal 1.0;
require {
type mysqld_safe_t;
class capability { setuid setgid };
}
#============= mysqld_safe_t =============
allow mysqld_safe_t self:capability setgid;
allow mysqld_safe_t self:capability setuid;
My own research suggests this is reasonably safe, but does anyone see a
reason why this shouldn't be used ?
It may be useful to know that the particular rpms are
MariaDB-server-5.5.54-1.el6.x86_64 and
selinux-policy-3.7.19-292.el6_8.2.noarch.
Thanks for any feedback, and Happy New Year :)
On 01/04/2017 01:46 PM, Clint Dilks wrote:> My own research suggests this is reasonably safe, but does anyone see a > reason why this shouldn't be used ?Not really, but if you start this with systemd, using the service file Red Hat distributes, then it isn't necessary because systemd will have already switched uid/gid to launch mysqld.
On Thu, Jan 5, 2017 at 4:01 PM, Gordon Messmer <gordon.messmer at gmail.com> wrote:> On 01/04/2017 01:46 PM, Clint Dilks wrote: > >> My own research suggests this is reasonably safe, but does anyone see a >> reason why this shouldn't be used ? >> > > > Not really, but if you start this with systemd, using the service file Red > Hat distributes, then it isn't necessary because systemd will have already > switched uid/gid to launch mysqld. >Thanks for the response, but as this is CentOS 6 systemd isn't a factor :)