MySQL custom datadir location - other daemons too

Florin Andrei florin at andrei.myip.org
Sun Apr 22 20:43:06 UTC 2007


Jan-Frode Myklebust wrote:
> On 2007-04-21, Florin Andrei <florin at andrei.myip.org> wrote:
> 
>> # grep /db /etc/fstab
>> LABEL=/db /db ext3 defcontext=system_u:object_r:var_t:s0 1 2
> 
> That doesn't look right to me.. I think you should label it mysqld_db_t, 
> not var_t. mysqld_db_t should mean only mysql will have access to these
> files and directories, while var_t is much more open. Lots of apps 
> probably have access to var_t.

# grep /db /etc/fstab
LABEL=/db /db ext3 defcontext=system_u:object_r:mysql_db_t:s0 1 2

# tail -n 1 /var/log/messages
Apr 22 13:38:34 reports kernel: SELinux: security_context_to_sid(system_u:object_r:mysql_db_t:s0) failed for (dev sdb1, type ext3) errno=-22

-- 
Florin Andrei

http://florin.myip.org/
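
Added example, not part of the original message: errno=-22 is EINVAL, which the kernel returns when a context string is not valid in the loaded policy, so this shell function flags mount-context options in an fstab whose type is missing from a list of known types. The names check_fstab_contexts and demo are hypothetical, and the type list is assumed to be one type name per line (for instance saved from `seinfo -t`).

```shell
#!/bin/sh
# Added example: report SELinux mount contexts in an fstab whose type is not
# in a list of types known to the loaded policy.
# Usage: check_fstab_contexts FSTAB TYPES_FILE
#   TYPES_FILE: one type name per line (assumption: e.g. saved `seinfo -t` output)
# Prints "mountpoint option type" per unknown type; returns 1 if any was found.
check_fstab_contexts() {
    awk -v types="$2" '
        BEGIN {
            while ((getline line < types) > 0) {
                gsub(/^[ \t]+|[ \t]+$/, "", line)   # tolerate indented lists
                if (line != "") known[line] = 1
            }
        }
        /^[ \t]*#/ || NF < 4 { next }               # comments, short lines
        {
            n = split($4, opts, ",")                # 4th field: mount options
            for (i = 1; i <= n; i++) {
                # context=, defcontext=, fscontext= and rootcontext=
                if (opts[i] !~ /^(def|fs|root)?context=/) continue
                eq = index(opts[i], "=")
                name = substr(opts[i], 1, eq - 1)
                ctx = substr(opts[i], eq + 1)
                gsub(/"/, "", ctx)                  # fstab may quote the value
                split(ctx, f, ":")                  # user:role:type[:level]
                if (!(f[3] in known)) { print $2, name, f[3]; bad = 1 }
            }
        }
        END { exit bad + 0 }
    ' "$1"
}

# Constructed sample input: the two fstab lines quoted in this thread and a
# short constructed type list standing in for the policy.
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' \
        'LABEL=/db /db ext3 defcontext=system_u:object_r:var_t:s0 1 2' \
        'LABEL=/db /db ext3 defcontext=system_u:object_r:mysql_db_t:s0 1 2' \
        > "$d/fstab"
    printf '%s\n' var_t mysqld_db_t > "$d/types"
    check_fstab_contexts "$d/fstab" "$d/types" || true
    rm -rf "$d"
}
demo
```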



