thr3ads.net - CentOS - [CentOS] Unable to apply mysqld_db

If this information is useful, please help other people find it:
Share via:

Bernard Fay

2017-Oct-23 12:33 UTC

[CentOS] Unable to apply mysqld_db_t to mysql directory

Hello,

A server was configured in /var/lib/myslq in the root fs.  I added a LV
specifically for mysql.  I stopped myql and renamed /var/lib/mysql to
/var/lib/mysql.old.  I created a new dir /var/lib/mysql and mounted the LV
on /var/lib/mysql.  I then copied with "cp -prZ" all mysql files in
/var/lib/mysql.old to /var/lib/mysql.

But then I got a selinux problem:
# ls -ldZ mysql.old/ mysql
drwxr-xr-x. mysql mysql system_u:object_r:var_lib_t:s0   mysql
drwxr-xr-x. mysql mysql system_u:object_r:mysqld_db_t:s0 mysql.old/

I tried to changed the context on mysql with the following commands:

# semanage fcontext -a -t mysqld_db_t "/var/lib/mysql(/.*)?"
# restorecon -R -v /var/lib/mysql

But the /var/lib/mysql directory didn't take the change as you can see
below:
# ls -ldZ mysql.old/ mysql
drwxr-xr-x. mysql mysql system_u:object_r:var_lib_t:s0   mysql
drwxr-xr-x. mysql mysql system_u:object_r:mysqld_db_t:s0 mysql.old/


How can I fix the wrong context on mysql directory?
Thanks,

James Hogarth

2017-Oct-23 14:27 UTC

head link

[CentOS] Unable to apply mysqld_db_t to mysql directory

On 23 October 2017 at 13:33, Bernard Fay <bernard.fay at gmail.com>
wrote:> Hello,
>
> A server was configured in /var/lib/myslq in the root fs.  I added a LV
> specifically for mysql.  I stopped myql and renamed /var/lib/mysql to
> /var/lib/mysql.old.  I created a new dir /var/lib/mysql and mounted the LV
> on /var/lib/mysql.  I then copied with "cp -prZ" all mysql files
in
> /var/lib/mysql.old to /var/lib/mysql.
>
> But then I got a selinux problem:
> # ls -ldZ mysql.old/ mysql
> drwxr-xr-x. mysql mysql system_u:object_r:var_lib_t:s0   mysql
> drwxr-xr-x. mysql mysql system_u:object_r:mysqld_db_t:s0 mysql.old/
>
> I tried to changed the context on mysql with the following commands:
>
> # semanage fcontext -a -t mysqld_db_t "/var/lib/mysql(/.*)?"
> # restorecon -R -v /var/lib/mysql
>
> But the /var/lib/mysql directory didn't take the change as you can see
> below:
> # ls -ldZ mysql.old/ mysql
> drwxr-xr-x. mysql mysql system_u:object_r:var_lib_t:s0   mysql
> drwxr-xr-x. mysql mysql system_u:object_r:mysqld_db_t:s0 mysql.old/
>
>
> How can I fix the wrong context on mysql directory?
> Thanks,
>
/var/lib/mysql is already in default policy - no need to add anything there

can you please provide the output of 'semanage fcontext -lC' so that
we can see any local selinux modifications made?
>From base policy with nothing added, for that directory, you *should*be able to just restorecon -Rv /var/lib/mysql and have the correct
labelling.

Bernard Fay

2017-Oct-23 16:26 UTC

head link

[CentOS] Unable to apply mysqld_db_t to mysql directory

Interesting to see the Equivalence. As a first thing, I tried:

semanage fcontext -a -e /var/lib/mysql.old /var/lib/mysql
then
restorecon -R /var/lib/mysql


# semanage fcontext -lC
SELinux fcontext                                   type
Context

/home/users(/.*)?                                  all files
system_u:object_r:user_home_dir_t:s0
/var/lib/mysql                                     all files
system_u:object_r:mysqld_db_t:s0
/var/lib/mysql(/.*)?                               all files
system_u:object_r:mysqld_db_t:s0

SELinux Local fcontext Equivalence

./mysql = ./mysql.old
/var/lib/mysql = /var/lib/mysql.old
mysql = ./mysql.old




On Mon, Oct 23, 2017 at 10:27 AM, James Hogarth <james.hogarth at
gmail.com>
wrote:
> On 23 October 2017 at 13:33, Bernard Fay <bernard.fay at gmail.com>
wrote:
> > Hello,
> >
> > A server was configured in /var/lib/myslq in the root fs.  I added a
LV
> > specifically for mysql.  I stopped myql and renamed /var/lib/mysql to
> > /var/lib/mysql.old.  I created a new dir /var/lib/mysql and mounted
the
> LV
> > on /var/lib/mysql.  I then copied with "cp -prZ" all mysql
files in
> > /var/lib/mysql.old to /var/lib/mysql.
> >
> > But then I got a selinux problem:
> > # ls -ldZ mysql.old/ mysql
> > drwxr-xr-x. mysql mysql system_u:object_r:var_lib_t:s0   mysql
> > drwxr-xr-x. mysql mysql system_u:object_r:mysqld_db_t:s0 mysql.old/
> >
> > I tried to changed the context on mysql with the following commands:
> >
> > # semanage fcontext -a -t mysqld_db_t "/var/lib/mysql(/.*)?"
> > # restorecon -R -v /var/lib/mysql
> >
> > But the /var/lib/mysql directory didn't take the change as you can
see
> > below:
> > # ls -ldZ mysql.old/ mysql
> > drwxr-xr-x. mysql mysql system_u:object_r:var_lib_t:s0   mysql
> > drwxr-xr-x. mysql mysql system_u:object_r:mysqld_db_t:s0 mysql.old/
> >
> >
> > How can I fix the wrong context on mysql directory?
> > Thanks,
> >
>
> /var/lib/mysql is already in default policy - no need to add anything there
>
> can you please provide the output of 'semanage fcontext -lC' so
that
> we can see any local selinux modifications made?
>
> From base policy with nothing added, for that directory, you *should*
> be able to just restorecon -Rv /var/lib/mysql and have the correct
> labelling.
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> https://lists.centos.org/mailman/listinfo/centos
>

Apparently Analagous Threads

Search for more reasonably related threads

CentOS - Oct 2017 - Unable to apply mysqld_db_t to mysql directory

[CentOS] Unable to apply mysqld_db_t to mysql directory

[CentOS] Unable to apply mysqld_db_t to mysql directory

[CentOS] Unable to apply mysqld_db_t to mysql directory

Apparently Analagous Threads