MySQL 4.1.9 avc denied messages

[Daniel J Walsh]

Robert L Cochran wrote:

> The following "avc denied" messages were recorded after upgrading 
> MySQL-client-4.1.8 and MySQL-devel-4.1.8 to the corresponding 4.1.9 
> versions. After upgrading these, I additionally installed (for the 
> first time) MySQL-server-4.1.9 and MySQL-shared-4.1.9. These are all 
> binary x86 RPM packages downloaded from MySQL.com. They are running on 
> a Fedora Core 3 system fully updated including the 741 kernel.
>
> My question is: can I fix the problems brought up by these avc denied 
> messages by following the same advice given earlier to the poster 
> named "dragoran" from 11/10/2004 through 11/16/2004, in several 
> messages with the subject line "PHP cannot connect to mysql server?" I 
> wish to allow MySQL execute permission.
>
> Any help gratefully accepted.
>
> Thanks!
>
> Bob Cochran
> Greenbelt, Maryland
>
> And here are the avc messages:
>
> audit(1106189173.580:0): avc:  denied  { append } for  pid=4051 
> exe=/usr/sbin/mysqld path=/var/lib/mysql/rachelsp4.lingpgmr.com.err 
> dev=dm-0 ino=3260518 scontext=user_u:system_r:mysqld_t 
> tcontext=root:object_r:var_lib_t tclass=file
> audit(1106189174.329:0): avc:  denied  { write } for  pid=4051 
> exe=/usr/sbin/mysqld name=mysql dev=dm-0 ino=3260470 
> scontext=user_u:system_r:mysqld_t tcontext=root:object_r:var_lib_t 
> tclass=dir
> audit(1106189174.329:0): avc:  denied  { add_name } for  pid=4051 
> exe=/usr/sbin/mysqld name=rachelsp4.lower-test 
> scontext=user_u:system_r:mysqld_t tcontext=root:object_r:var_lib_t 
> tclass=dir
> audit(1106189174.329:0): avc:  denied  { create } for  pid=4051 
> exe=/usr/sbin/mysqld name=rachelsp4.lower-test 
> scontext=user_u:system_r:mysqld_t tcontext=user_u:object_r:var_lib_t 
> tclass=file
> audit(1106189174.408:0): avc:  denied  { remove_name } for  pid=4051 
> exe=/usr/sbin/mysqld name=rachelsp4.lower-test dev=dm-0 ino=3260519 
> scontext=user_u:system_r:mysqld_t tcontext=root:object_r:var_lib_t 
> tclass=dir
> audit(1106189174.408:0): avc:  denied  { unlink } for  pid=4051 
> exe=/usr/sbin/mysqld name=rachelsp4.lower-test dev=dm-0 ino=3260519 
> scontext=user_u:system_r:mysqld_t tcontext=user_u:object_r:var_lib_t 
> tclass=file
> audit(1106189174.449:0): avc:  denied  { create } for  pid=4051 
> exe=/usr/sbin/mysqld name=mysql.sock scontext=user_u:system_r:mysqld_t 
> tcontext=user_u:object_r:var_lib_t tclass=sock_file
> audit(1106189174.711:0): avc:  denied  { read write } for  pid=4051 
> exe=/usr/sbin/mysqld name=ibdata1 dev=dm-0 ino=3260520 
> scontext=user_u:system_r:mysqld_t tcontext=root:object_r:var_lib_t 
> tclass=file
> audit(1106189174.711:0): avc:  denied  { lock } for  pid=4051 
> exe=/usr/sbin/mysqld path=/var/lib/mysql/ibdata1 dev=dm-0 ino=3260520 
> scontext=user_u:system_r:mysqld_t tcontext=root:object_r:var_lib_t 
> tclass=file
> audit(1106189175.480:0): avc:  denied  { write } for  pid=4109 
> exe=/usr/sbin/mysqld path=/var/lib/mysql/rachelsp4.lingpgmr.com.pid 
> dev=dm-0 ino=3260523 scontext=user_u:system_r:mysqld_t 
> tcontext=user_u:object_r:var_lib_t tclass=file
> audit(1106189175.845:0): avc:  denied  { getattr } for  pid=4051 
> exe=/usr/sbin/mysqld path=/var/lib/mysql/mysql/host.MYI dev=dm-0 
> ino=3260477 scontext=user_u:system_r:mysqld_t 
> tcontext=root:object_r:var_lib_t tclass=file
>
> -- 
> fedora-selinux-list mailing list
> fedora-selinux-list at redhat.com
> http://www.redhat.com/mailman/listinfo/fedora-selinux-list

restorecon -R -v /usr/lib/mysql
should fix the problem.

Dan