similar to: Moving Mysql data directory denied by selinux?

Hi, I'm confused, why can root not change context of a directory ? I've moved a mysql dir from /var/lib to another drive. But running sudo chcon -R -t mysqld_t ./mysql Yields a screen full of messages such as chcon: failed to change context of ?schema_table_lock_waits.frm? to ?system_u:object_r:mysqld_t:s0?: Permission denied (and yes, mysql was shut down before the move and is till

On 04/25/2017 06:45 PM, Gordon Messmer wrote: > On 04/25/2017 01:58 AM, Laurent Wandrebeck wrote: >> Quick?n?(really) dirty SELinux howto: > > > Alternate process: > > 1: setenforce permissive > 2: tail -f /var/log/audit/audit.log | grep AVC > 3: use the service, exercise each function that's constrained by the > existing policy > 4: copy and paste the

Le mardi 25 avril 2017 ? 10:39 +0200, Robert Moskowitz a ?crit : > Thanks Laurent. You obviously know a LOT more about SELinux than I. I > pretty much just use commands and not build policies. So I need some > more information here. > > From what you provided below, how do I determine what is currently in > place and how do I add your stuff (changing postgresql with

Interesting to see the Equivalence. As a first thing, I tried: semanage fcontext -a -e /var/lib/mysql.old /var/lib/mysql then restorecon -R /var/lib/mysql # semanage fcontext -lC SELinux fcontext type Context /home/users(/.*)? all files system_u:object_r:user_home_dir_t:s0 /var/lib/mysql all

Hello, A server was configured in /var/lib/myslq in the root fs. I added a LV specifically for mysql. I stopped myql and renamed /var/lib/mysql to /var/lib/mysql.old. I created a new dir /var/lib/mysql and mounted the LV on /var/lib/mysql. I then copied with "cp -prZ" all mysql files in /var/lib/mysql.old to /var/lib/mysql. But then I got a selinux problem: # ls -ldZ mysql.old/

Thanks, I managed to fix /var/lib/mysql # ls -ldZ /var/lib/mysql drwxr-xr-x. mysql mysql system_u:object_r:mysqld_db_t:s0 /var/lib/mysql To fix it, I tried: semanage fcontext -d -e /var/lib/mysql this command returned: KeyError: /var/lib/mysql I tried restorecon anyway: restorecon -Rv /var/lib/mysql But not better: ls -ldZ /var/lib/mysql drwxr-xr-x. mysql mysql system_u:object_r:var_lib_t:s0

Am 10.02.2017 um 16:59 schrieb Tim Smith: > Hi, > > I'm confused, why can root not change context of a directory ? > > I've moved a mysql dir from /var/lib to another drive. > > But running sudo chcon -R -t mysqld_t ./mysql > > Yields a screen full of messages such as > > chcon: failed to change context of ?schema_table_lock_waits.frm? to >

Hi list, I''ve got an issue at the moment, which isn''t really a big problem, but an untidy annoyance really, and I''d just like to understand what the best practice might be when dealing with the issue. As a really quick summary, the issue is that Puppet is starting up the mysqld service for the first time as unconfined_u, and then when MySQL goes and creates a load

On 04/26/2017 04:22 AM, Gordon Messmer wrote: > On 04/25/2017 03:25 PM, Robert Moskowitz wrote: >> This made the same content as before that caused problems: > > I still don't understand, exactly. Are you seeing *new* problems > after installing a policy? What are the problems? > >> #!!!! The file '/var/lib/mysql/mysql.sock' is mislabeled on your system.

I recently setup my Puppetmaster server to run through Passenger via Apache instead of on the default webrick web server. SELinux made that not work and I've found some documentation on making rules to allow it however mine won't load. This is the policy I found via this website, http://sandcat.nl/~stijn/2012/01/20/selinux-passenger-and-puppet-oh-my/comment-page-1/ . module

thanks. On 04/26/2017 08:55 AM, Phoenix, Merka wrote: > Robert, > > in regards to your Postfix and Dovecot issue with MySQL and SELinux, > >> Apr 26 01:25:45 z9m9z dovecot: dict: Error: >> mysql(/var/lib/mysql/mysql.sock): Connect failed to database >> (postfix): Can't connect to local MySQL server through socket >> '/var/lib/mysql/mysql.sock' (13)

On 23 Oct 2017 5:26 pm, "Bernard Fay" <bernard.fay at gmail.com> wrote: Interesting to see the Equivalence. As a first thing, I tried: semanage fcontext -a -e /var/lib/mysql.old /var/lib/mysql then restorecon -R /var/lib/mysql # semanage fcontext -lC SELinux fcontext type Context /home/users(/.*)? all files

On 23 October 2017 at 13:33, Bernard Fay <bernard.fay at gmail.com> wrote: > Hello, > > A server was configured in /var/lib/myslq in the root fs. I added a LV > specifically for mysql. I stopped myql and renamed /var/lib/mysql to > /var/lib/mysql.old. I created a new dir /var/lib/mysql and mounted the LV > on /var/lib/mysql. I then copied with "cp -prZ" all

Robert, in regards to your Postfix and Dovecot issue with MySQL and SELinux, > Apr 26 01:25:45 z9m9z dovecot: dict: Error: > mysql(/var/lib/mysql/mysql.sock): Connect failed to database > (postfix): Can't connect to local MySQL server through socket > '/var/lib/mysql/mysql.sock' (13) - waiting for 1 seconds before retry > Apr 26 01:25:45 z9m9z dovecot: dict: Error:

On 23 October 2017 at 19:18, Bernard Fay <bernard.fay at gmail.com> wrote: > Thanks, I managed to fix /var/lib/mysql > > # ls -ldZ /var/lib/mysql > drwxr-xr-x. mysql mysql system_u:object_r:mysqld_db_t:s0 /var/lib/mysql > > To fix it, I tried: > semanage fcontext -d -e /var/lib/mysql > this command returned: > KeyError: /var/lib/mysql > I tried restorecon

Hello, Can somebody of the Samba team explain me the difference of Fedora packages or Enterprise packages ( <http://enterprisesamba.com/> http://enterprisesamba.com/) of Samba on Red Hat Enterprise Linux 4? I tried to find any information about this subject, but googleing doesn't help me. The standard Samba package (3.0.10EL) of RHEL4 doesn't communicate with a W2k3 server

CentOS 4 - updated to current, rebooted to new kernel and now I can't get mysqld to start... # service mysqld start Timeout error occurred trying to start MySQL Daemon #tail -n 4 /var/log/messages Nov 12 00:48:56 srv1 kernel: audit(1131781736.221:4): avc: denied { write } for pid=4874 comm="mysqld" name="tmp" dev=dm-0 ino=2894305 scontext=root:system_r:mysqld_t

On 04/25/2017 11:12 AM, Laurent Wandrebeck wrote: > Le mardi 25 avril 2017 ? 11:07 +0200, Robert Moskowitz a ?crit : >> On 04/25/2017 10:58 AM, Laurent Wandrebeck wrote: >>> Le mardi 25 avril 2017 ? 10:39 +0200, Robert Moskowitz a ?crit : >>>> Thanks Laurent. You obviously know a LOT more about SELinux than I. I >>>> pretty much just use commands and not

Le mardi 25 avril 2017 ? 11:07 +0200, Robert Moskowitz a ?crit : > > On 04/25/2017 10:58 AM, Laurent Wandrebeck wrote: > > Le mardi 25 avril 2017 ? 10:39 +0200, Robert Moskowitz a ?crit : > >> Thanks Laurent. You obviously know a LOT more about SELinux than I. I > >> pretty much just use commands and not build policies. So I need some > >> more

I'm busy setting up amavisd-new on a CentOS 5.0 box - and believe I've got it working well enough that I can switch selinux enforcing back on again. I've done the usual- - grab a chunk of the audit.log that is relevant to all the actions that would be denied. - do 'cat audit.log | audit2allow -M amavis' to generate the module - amavis.te looks like: module amavis 1.0;