mysql vs selinux

Daniel J Walsh dwalsh at redhat.com
Mon Jul 6 12:10:29 UTC 2009


On 07/05/2009 11:57 PM, Amadeus W.M. wrote:
> Trying to run mysqld with datadir=/data/mysql (i.e. different than the
> default datadir=/var/lib/mysql). When I start mysqld for the first time it
> fails:
>
> [root at alm ~]# /etc/rc.d/init.d/mysqld start
> Initializing MySQL database:  Installing MySQL system tables...
> 090705 23:01:52 [Warning] Can't create test file /data/mysql/alm.lower-test
> 090705 23:01:52 [Warning] Can't create test file /data/mysql/alm.lower-test
> /usr/libexec/mysqld: Can't change dir to '/data/mysql/' (Errcode: 13)
> 090705 23:01:52 [ERROR] Aborting
>
>
>
> and selinux pops up and says
>
> Summary:
> SELinux is preventing mysqld (mysqld_t) "search" to / (default_t).
>
> Detailed Description:
> SELinux denied access requested by mysqld. / may be a mislabeled. /
> default SELinux type is root_t, but its current type is default_t.
> Changing this file back to the default type, may fix your problem.
>
> <more stuff>
>
>
> Poking around on google I found this suggestion:
>
>
> http://www.linuxforums.org/forum/servers/54215-moving-mysql-datafile-another-location-2.html
>
> chcon -R -u system_u -r object_r -t mysqld_db_t /home/mysqldb
> chcon -R -u system_u -r object_r -t mysqld_db_t /var/lib/mysql/
> chcon -u system_u -r object_r -t mysqld_etc_t /etc/my.cnf
>
> with /data/mysql instead of /home/mysqldb, of course.
>
> This was as of FC7. Would this still be the right thing to do in F11?
> I'm really being patient here with selinux, trying to give it a 2nd chance
> (first chance was about F3 or F4). I'm trying to avoid the barbaric
> solution of disabling it altogether yet again.
>
> Oh, by the way, I am able to run mysqld without a hitch even with selinux
> enabled provided that I use the default datadir=/var/lib/mysql. That's not
> acceptable though, as my /var is too small for the colossal amount of data
> I have.
>
>
> I tried to keep this post relatively short, so I didn't include all
> selinux info. If more is necessary, I'll post it. Please help!
>
>
>
>

Here is a new guide we are working on for setting up different confined 
services.  There is a chapter on mysql.



http://sradvan.fedorapeople.org/SELinux_Managing_Confined_Services/en-US/html/

Specifically, check out the chapter on this page:

http://sradvan.fedorapeople.org/SELinux_Managing_Confined_Services/en-US/html/sect-Managing_Confined_Services-MySQL-Configuration_Examples.html
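
Added example, not part of the original messages or of the linked guide: a shell sketch that records a persistent file-context rule for a relocated datadir with `semanage fcontext` and applies it with `restorecon`, rather than a one-off `chcon`, then lists the SELinux type of every directory mysqld has to search so a `default_t` component like the one in the denial is visible. The function names are illustrative, `/data/mysql` and `mysqld_db_t` come from the post, and it assumes root, GNU `stat`, and the `semanage` tool being installed.

```shell
#!/bin/sh
# Added example: persistently label a non-default MySQL datadir.
# Function names are hypothetical; /data/mysql and mysqld_db_t are from the post.

# Build the file-context regex that matches the directory and everything below it.
fcontext_pattern() {
    dir="${1%/}"                      # tolerate a trailing slash (/data/mysql/)
    printf '%s(/.*)?\n' "$dir"
}

# Extract the type field from a context string user:role:type[:level].
context_type() {
    printf '%s\n' "$1" | cut -d: -f3
}

# List "/" and every parent of the given path, root first, space separated.
# Paths containing whitespace are not handled in this sketch.
path_chain() {
    p="${1%/}"
    out=""
    while [ -n "$p" ]; do
        out="$p $out"
        p="${p%/*}"
    done
    out="/ $out"
    printf '%s\n' "${out% }"
}

# Print the SELinux type of each component mysqld must be able to search.
show_labels() {
    for c in $(path_chain "$1"); do
        printf '%-24s %s\n' "$c" "$(context_type "$(stat -c %C "$c")")"
    done
}

# Record the rule in local policy, relabel the tree, then show the result.
relabel_datadir() {
    d="${1%/}"
    semanage fcontext -a -t mysqld_db_t "$(fcontext_pattern "$d")"
    restorecon -R -v "$d"
    show_labels "$d"
}

# Runs only when a directory is given, e.g.: sh relabel.sh /data/mysql
if [ "$#" -eq 1 ]; then
    relabel_datadir "$1"
fi
```

Labels set with `chcon` alone are overwritten by a later `restorecon` or full relabel, while the `semanage fcontext` rule makes `mysqld_db_t` the policy default for that path.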



