search for: mysqld_t

Hi, I'm confused, why can root not change context of a directory ? I've moved a mysql dir from /var/lib to another drive. But running sudo chcon -R -t mysqld_t ./mysql Yields a screen full of messages such as chcon: failed to change context of ?schema_table_lock_waits.frm? to ?system_u:object_r:mysqld_t:s0?: Permission denied (and yes, mysql was shut down before the move and is till shut down).

...adache *sigh* Now normally I just move /var/lib/mysql to /home/mysql and symlink it. SELinux complains with Oct 10 21:21:59 intspare kernel: audit(1160479319.080:2): avc: denied { read } for pid=15784 comm="mysqld" name="mysql" dev=dm-0 ino=1230340 scontext=root:system_r:mysqld_t tcontext=root:object_r:var_lib_t tclass=lnk_file Ok, I guess it doesnt like following symlinks so instead I edited /etc/my.cnf to [mysqld] datadir=/home/mysql socket=/home/mysql/mysql.sock # Default to using old password format for compatibility with mysql 3.x # clients (those using the mysqlcli...

...>" > 5: setenforce enforcing > > This process is less iterative, which can save a *lot* of time > building some policies. This made the same content as before that caused problems: module myservice_policy 1.0; require { type dovecot_t; type mysqld_etc_t; type mysqld_t; class unix_stream_socket connectto; class file { getattr open read }; class dir read; } #============= dovecot_t ============== allow dovecot_t mysqld_etc_t:dir read; allow dovecot_t mysqld_etc_t:file { getattr open read }; #!!!! The file '/var/lib/mysql/mysql.sock' is mis...

Am 10.02.2017 um 16:59 schrieb Tim Smith: > Hi, > > I'm confused, why can root not change context of a directory ? > > I've moved a mysql dir from /var/lib to another drive. > > But running sudo chcon -R -t mysqld_t ./mysql > > Yields a screen full of messages such as > > chcon: failed to change context of ?schema_table_lock_waits.frm? to > ?system_u:object_r:mysqld_t:s0?: Permission denied > > (and yes, mysql was shut down before the move and is till shut down). Because mysqld_t is a pro...

...uot;about > page and contact him directly to discuss the post. > > See: http://firstyear.id.au/blog/html/2011/07/05/SELinux_for_postfix_+_dovecot.html This page is about postfix and mysql, not dovecot and mysql. It does validate the allow that is failing on my system: allow dovecot_t mysqld_t:unix_stream_socket connectto; > > On this post referenced above, the author has a sample SELinux policy for postfix/dovecot and mysql. > While the post references an e-mail setup guide link that is no longer reachable, the policy file is still present in text. > > This URL: h...

...0000000 00:00 0 [sigpage] Apr 25 05:13:16 z9m9z dovecot: dict: Error: ffff0000-ffff1000 r-xp 00000000 00:00 0 [vectors] Which go away if I setenforce 0. :( myservice_policy.te has: module myservice_policy 1.0; require { type dovecot_t; type mysqld_etc_t; type mysqld_t; class unix_stream_socket connectto; class file { getattr open read }; class dir read; } #============= dovecot_t ============== allow dovecot_t mysqld_etc_t:dir read; allow dovecot_t mysqld_etc_t:file { getattr open read }; #!!!! The file '/var/lib/mysql/mysql.sock' is mis...

...y policy. The policy from audit2allow generates this when using "grep -e 'httpd\|passenger'" but it seems like too much allowance module passenger 1.0; require { type unconfined_t; type semanage_t; type init_t; type system_cronjob_t; type mysqld_t; type syslogd_t; type apmd_t; type initrc_t; type postfix_local_t; type puppet_etc_t; type setfiles_t; type rpm_t; type unlabeled_t; type var_run_t; type kernel_t; type puppet_var_run_t; type puppet_var_...

Le mardi 25 avril 2017 ? 11:07 +0200, Robert Moskowitz a ?crit : > > On 04/25/2017 10:58 AM, Laurent Wandrebeck wrote: > > Le mardi 25 avril 2017 ? 10:39 +0200, Robert Moskowitz a ?crit : > >> Thanks Laurent. You obviously know a LOT more about SELinux than I. I > >> pretty much just use commands and not build policies. So I need some > >> more

...lems? > >> #!!!! The file '/var/lib/mysql/mysql.sock' is mislabeled on your system. >> #!!!! Fix with $ restorecon -R -v /var/lib/mysql/mysql.sock >> #!!!! This avc can be allowed using the boolean >> 'daemons_enable_cluster_mode' >> allow dovecot_t mysqld_t:unix_stream_socket connectto; >> >> What do these 3 comments mean? > > I'm not sure about the first two. The context you see is the same I > see on the one system where I run mysqld. Running restorecon doesn't > change that context. > > As for the latter, i...

Robert, in regards to your Postfix and Dovecot issue with MySQL and SELinux, > Apr 26 01:25:45 z9m9z dovecot: dict: Error: > mysql(/var/lib/mysql/mysql.sock): Connect failed to database > (postfix): Can't connect to local MySQL server through socket > '/var/lib/mysql/mysql.sock' (13) - waiting for 1 seconds before retry > Apr 26 01:25:45 z9m9z dovecot: dict: Error:

Le mardi 25 avril 2017 ? 10:39 +0200, Robert Moskowitz a ?crit : > Thanks Laurent. You obviously know a LOT more about SELinux than I. I > pretty much just use commands and not build policies. So I need some > more information here. > > From what you provided below, how do I determine what is currently in > place and how do I add your stuff (changing postgresql with

...licy? What are the problems? > #!!!! The file '/var/lib/mysql/mysql.sock' is mislabeled on your system. > #!!!! Fix with $ restorecon -R -v /var/lib/mysql/mysql.sock > #!!!! This avc can be allowed using the boolean > 'daemons_enable_cluster_mode' > allow dovecot_t mysqld_t:unix_stream_socket connectto; > > What do these 3 comments mean? I'm not sure about the first two. The context you see is the same I see on the one system where I run mysqld. Running restorecon doesn't change that context. As for the latter, it sounds like you should be able to...

...file '/var/lib/mysql/mysql.sock' is mislabeled on your >>> system. >>> #!!!! Fix with $ restorecon -R -v /var/lib/mysql/mysql.sock >>> #!!!! This avc can be allowed using the boolean >>> 'daemons_enable_cluster_mode' >>> allow dovecot_t mysqld_t:unix_stream_socket connectto; >>> >>> What do these 3 comments mean? >> >> I'm not sure about the first two. The context you see is the same I >> see on the one system where I run mysqld. Running restorecon doesn't >> change that context. >&g...

...d to start... # service mysqld start Timeout error occurred trying to start MySQL Daemon #tail -n 4 /var/log/messages Nov 12 00:48:56 srv1 kernel: audit(1131781736.221:4): avc: denied { write } for pid=4874 comm="mysqld" name="tmp" dev=dm-0 ino=2894305 scontext=root:system_r:mysqld_t tcontext=root:object_r:root_t tclass=dir Nov 12 00:48:59 srv1 dbus: Can't send to audit system: USER_AVC pid=2839 uid=81 loginuid=-1 message=avc: denied { send_msg } for scontext=user_u:system_r:unconfined_t tcontext=user_u:system_r:initrc_t tclass=dbus Nov 12 00:49:04 srv1 dbus: Can't se...

Using audit2allow, I was able to create a policy module for selinux: audit2allow -i /var/log/audit/audit.log -M mysqld (creates mysqld.pp and mysqld.te) I want to distribute this to all my puppet clients. I can easily put this file in /etc/selinux/targeted/modules/active/modules But even after reboot, although I can see the module listed: semodule -l ... it doesn''t seem to actually

Hello, Can somebody of the Samba team explain me the difference of Fedora packages or Enterprise packages ( <http://enterprisesamba.com/> http://enterprisesamba.com/) of Samba on Red Hat Enterprise Linux 4? I tried to find any information about this subject, but googleing doesn't help me. The standard Samba package (3.0.10EL) of RHEL4 doesn't communicate with a W2k3 server