MySQL 4.1.9 avc denied messages
Daniel J Walsh
dwalsh at redhat.com
Fri Jan 21 20:26:23 UTC 2005
Robert L Cochran wrote:
> Daniel J Walsh wrote:
>
>>
>> restorecon -R -v /usr/lib/mysql
>> should fix the problem.
>>
>> Dan
>
>
> I'm sorry to have taken so long to respond to this. I ran 'restorecon'
> as suggested. Unfortunately, I'm still getting 'avc denied' messages
> when I restart the computer (e.g. when it shuts down and again when it
> starts up). Any suggestions? Here are the messages:
>
> Jan 21 14:32:58 rachelsp4 kernel: audit(1106335978.786:0): avc:
> denied { append } for pid=4049 exe=/usr/sbin/mysqld
> path=/var/lib/mysql/rachelsp4.lingpgmr.com.err dev=dm-0 ino=3260518
> scontext=user_u:system_r:mysqld_t tcontext=root:object_r:var_lib_t
> tclass=file
> Jan 21 14:32:59 rachelsp4 kernel: audit(1106335979.125:0): avc:
> denied { write } for pid=4049 exe=/usr/sbin/mysqld name=mysql
> dev=dm-0 ino=3260470 scontext=user_u:system_r:mysqld_t
> tcontext=root:object_r:var_lib_t tclass=dir
> Jan 21 14:32:59 rachelsp4 kernel: audit(1106335979.125:0): avc:
> denied { add_name } for pid=4049 exe=/usr/sbin/mysqld
> name=rachelsp4.lower-test scontext=user_u:system_r:mysqld_t
> tcontext=root:object_r:var_lib_t tclass=dir
> Jan 21 14:32:59 rachelsp4 kernel: audit(1106335979.125:0): avc:
> denied { create } for pid=4049 exe=/usr/sbin/mysqld
> name=rachelsp4.lower-test scontext=user_u:system_r:mysqld_t
> tcontext=user_u:object_r:var_lib_t tclass=file
> Jan 21 14:32:59 rachelsp4 kernel: audit(1106335979.139:0): avc:
> denied { remove_name } for pid=4049 exe=/usr/sbin/mysqld
> name=rachelsp4.lower-test dev=dm-0 ino=3260519
> scontext=user_u:system_r:mysqld_t tcontext=root:object_r:var_lib_t
> tclass=dir
> Jan 21 14:32:59 rachelsp4 kernel: audit(1106335979.139:0): avc:
> denied { unlink } for pid=4049 exe=/usr/sbin/mysqld
> name=rachelsp4.lower-test dev=dm-0 ino=3260519
> scontext=user_u:system_r:mysqld_t tcontext=user_u:object_r:var_lib_t
> tclass=file
> Jan 21 14:32:59 rachelsp4 kernel: audit(1106335979.159:0): avc:
> denied { create } for pid=4049 exe=/usr/sbin/mysqld name=mysql.sock
> scontext=user_u:system_r:mysqld_t tcontext=user_u:object_r:var_lib_t
> tclass=sock_file
> Jan 21 14:32:59 rachelsp4 kernel: audit(1106335979.581:0): avc:
> denied { read write } for pid=4049 exe=/usr/sbin/mysqld name=ibdata1
> dev=dm-0 ino=3260520 scontext=user_u:system_r:mysqld_t
> tcontext=root:object_r:var_lib_t tclass=file
> Jan 21 14:32:59 rachelsp4 kernel: audit(1106335979.581:0): avc:
> denied { lock } for pid=4049 exe=/usr/sbin/mysqld
> path=/var/lib/mysql/ibdata1 dev=dm-0 ino=3260520
> scontext=user_u:system_r:mysqld_t tcontext=root:object_r:var_lib_t
> tclass=file
> Jan 21 14:33:00 rachelsp4 kernel: audit(1106335980.183:0): avc:
> denied { write } for pid=4079 exe=/usr/sbin/mysqld
> path=/var/lib/mysql/rachelsp4.lingpgmr.com.pid dev=dm-0 ino=3260523
> scontext=user_u:system_r:mysqld_t tcontext=user_u:object_r:var_lib_t
> tclass=file
> Jan 21 14:33:00 rachelsp4 xfs: xfs startup succeeded
> Jan 21 14:33:00 rachelsp4 kernel: audit(1106335980.237:0): avc:
> denied { getattr } for pid=4049 exe=/usr/sbin/mysqld
> path=/var/lib/mysql/mysql/host.MYI dev=dm-0 ino=3260477
> scontext=user_u:system_r:mysqld_t tcontext=root:object_r:var_lib_t
> tclass=file
>
>
> Bob
>
> --
> fedora-selinux-list mailing list
> fedora-selinux-list at redhat.com
> http://www.redhat.com/mailman/listinfo/fedora-selinux-list
Are you up 2 date on policy.
The latest version is selinux-policy-targeted-1.17.30-2.
/var/lib/mysql should be labeled mysql_db_t
Dan
More information about the fedora-selinux-list
mailing list