MySQL 4.1.9 avc denied messages
Daniel J Walsh
dwalsh at redhat.com
Thu Jan 20 15:44:39 UTC 2005
Robert L Cochran wrote:
> The following "avc denied" messages were recorded after upgrading
> MySQL-client-4.1.8 and MySQL-devel-4.1.8 to the corresponding 4.1.9
> versions. After upgrading these, I additionally installed (for the
> first time) MySQL-server-4.1.9 and MySQL-shared-4.1.9. These are all
> binary x86 RPM packages downloaded from MySQL.com. They are running on
> a Fedora Core 3 system fully updated including the 741 kernel.
>
> My question is: can I fix the problems brought up by these avc denied
> messages by following the same advice given earlier to the poster
> named "dragoran" from 11/10/2004 through 11/16/2004, in several
> messages with the subject line "PHP cannot connect to mysql server?" I
> wish to allow MySQL execute permission.
>
> Any help gratefully accepted.
>
> Thanks!
>
> Bob Cochran
> Greenbelt, Maryland
>
> And here are the avc messages:
>
> audit(1106189173.580:0): avc: denied { append } for pid=4051
> exe=/usr/sbin/mysqld path=/var/lib/mysql/rachelsp4.lingpgmr.com.err
> dev=dm-0 ino=3260518 scontext=user_u:system_r:mysqld_t
> tcontext=root:object_r:var_lib_t tclass=file
> audit(1106189174.329:0): avc: denied { write } for pid=4051
> exe=/usr/sbin/mysqld name=mysql dev=dm-0 ino=3260470
> scontext=user_u:system_r:mysqld_t tcontext=root:object_r:var_lib_t
> tclass=dir
> audit(1106189174.329:0): avc: denied { add_name } for pid=4051
> exe=/usr/sbin/mysqld name=rachelsp4.lower-test
> scontext=user_u:system_r:mysqld_t tcontext=root:object_r:var_lib_t
> tclass=dir
> audit(1106189174.329:0): avc: denied { create } for pid=4051
> exe=/usr/sbin/mysqld name=rachelsp4.lower-test
> scontext=user_u:system_r:mysqld_t tcontext=user_u:object_r:var_lib_t
> tclass=file
> audit(1106189174.408:0): avc: denied { remove_name } for pid=4051
> exe=/usr/sbin/mysqld name=rachelsp4.lower-test dev=dm-0 ino=3260519
> scontext=user_u:system_r:mysqld_t tcontext=root:object_r:var_lib_t
> tclass=dir
> audit(1106189174.408:0): avc: denied { unlink } for pid=4051
> exe=/usr/sbin/mysqld name=rachelsp4.lower-test dev=dm-0 ino=3260519
> scontext=user_u:system_r:mysqld_t tcontext=user_u:object_r:var_lib_t
> tclass=file
> audit(1106189174.449:0): avc: denied { create } for pid=4051
> exe=/usr/sbin/mysqld name=mysql.sock scontext=user_u:system_r:mysqld_t
> tcontext=user_u:object_r:var_lib_t tclass=sock_file
> audit(1106189174.711:0): avc: denied { read write } for pid=4051
> exe=/usr/sbin/mysqld name=ibdata1 dev=dm-0 ino=3260520
> scontext=user_u:system_r:mysqld_t tcontext=root:object_r:var_lib_t
> tclass=file
> audit(1106189174.711:0): avc: denied { lock } for pid=4051
> exe=/usr/sbin/mysqld path=/var/lib/mysql/ibdata1 dev=dm-0 ino=3260520
> scontext=user_u:system_r:mysqld_t tcontext=root:object_r:var_lib_t
> tclass=file
> audit(1106189175.480:0): avc: denied { write } for pid=4109
> exe=/usr/sbin/mysqld path=/var/lib/mysql/rachelsp4.lingpgmr.com.pid
> dev=dm-0 ino=3260523 scontext=user_u:system_r:mysqld_t
> tcontext=user_u:object_r:var_lib_t tclass=file
> audit(1106189175.845:0): avc: denied { getattr } for pid=4051
> exe=/usr/sbin/mysqld path=/var/lib/mysql/mysql/host.MYI dev=dm-0
> ino=3260477 scontext=user_u:system_r:mysqld_t
> tcontext=root:object_r:var_lib_t tclass=file
>
> --
> fedora-selinux-list mailing list
> fedora-selinux-list at redhat.com
> http://www.redhat.com/mailman/listinfo/fedora-selinux-list
restorecon -R -v /usr/lib/mysql
should fix the problem.
Dan
More information about the fedora-selinux-list
mailing list