FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor


 
 
LinkBack Thread Tools
 
Old 01-08-2010, 09:47 AM
 
Default Mysql Alert

Hi Guys,

Sorry to keep emailing the group but im determined to crack selinux
and not just switch it off


I have moved my mysql root to /db01/mysql and have sym linked
/var/lib/mysql to there as well just in case any apps still have mysql
hard coded to the original location.


The alert im getting is this:

Summary:

SELinux is preventing /bin/bash "read" access on /var/lib/mysql.

Detailed Description:

SELinux denied access requested by mysqld_safe. It is not expected that this
access is required by mysqld_safe and this access may signal an intrusion
attempt. It is also possible that the specific version or configuration of the
application is causing it to require additional access.

Allowing Access:

You can generate a local policy module to allow this access - see FAQ
(http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Please file a bug
report.

Additional Information:

Source Context unconfined_u:system_r:mysqld_safe_t:s0
Target Context system_ubject_r:mysqld_db_t:s0
Target Objects /var/lib/mysql [ lnk_file ]
Source mysqld_safe
Source Path /bin/bash
Port <Unknown>
Host vm-lin-wb01
Source RPM Packages bash-4.0.35-2.fc12
Target RPM Packages mysql-server-5.1.41-2.fc12
Policy RPM selinux-policy-3.6.32-63.fc12
Selinux Enabled True
Policy Type targeted
Enforcing Mode Enforcing
Plugin Name catchall
Host Name vm-lin-wb01
Platform Linux vm-lin-wb01 2.6.31.9-174.fc12.i686.PAE #1
SMP Mon Dec 21 06:04:56 UTC 2009 i686 i686
Alert Count 1
First Seen Fri Jan 8 10:06:33 2010
Last Seen Fri Jan 8 10:06:33 2010
Local ID f35cf4f8-9714-4d41-8f88-310f8cef5425
Line Numbers

Raw Audit Messages

node=vm-lin-wb01 type=AVC msg=audit(1262945193.369:25): avc: denied
{ read } for pid=1267 comm="mysqld_safe" name="mysql" dev=dm-2
ino=21498 scontext=unconfined_u:system_r:mysqld_safe_t:s0
tcontext=system_ubject_r:mysqld_db_t:s0 tclass=lnk_file


node=vm-lin-wb01 type=SYSCALL msg=audit(1262945193.369:25):
arch=40000003 syscall=195 success=no exit=-13 a0=9e04f88 a1=bff7924c
a2=b5cff4 a3=9e04f88 items=0 ppid=1227 pid=1267 auid=501 uid=0 gid=0
euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=2
comm="mysqld_safe" exe="/bin/bash"
subj=unconfined_u:system_r:mysqld_safe_t:s0 key=(null)


All the contexts look correct to me, but have i missed something?
would be grateful if anyone could point me in the right direction.


Thanks in advance

--
fedora-selinux-list mailing list
fedora-selinux-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
 
Old 01-08-2010, 10:43 AM
Dominick Grift
 
Default Mysql Alert

On 01/08/2010 11:47 AM, tony@specialistdevelopment.com wrote:
> Hi Guys,
>
> Sorry to keep emailing the group but im determined to crack selinux and
> not just switch it off
>
> I have moved my mysql root to /db01/mysql and have sym linked
> /var/lib/mysql to there as well just in case any apps still have mysql
> hard coded to the original location.
>
> The alert im getting is this:
>
> Summary:
>
> SELinux is preventing /bin/bash "read" access on /var/lib/mysql.
>
> Detailed Description:
>
> SELinux denied access requested by mysqld_safe. It is not expected that
> this
> access is required by mysqld_safe and this access may signal an intrusion
> attempt. It is also possible that the specific version or configuration
> of the
> application is causing it to require additional access.
>
> Allowing Access:
>
> You can generate a local policy module to allow this access - see FAQ
> (http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Please file a
> bug
> report.
>
> Additional Information:
>
> Source Context unconfined_u:system_r:mysqld_safe_t:s0
> Target Context system_ubject_r:mysqld_db_t:s0
> Target Objects /var/lib/mysql [ lnk_file ]
> Source mysqld_safe
> Source Path /bin/bash
> Port <Unknown>
> Host vm-lin-wb01
> Source RPM Packages bash-4.0.35-2.fc12
> Target RPM Packages mysql-server-5.1.41-2.fc12
> Policy RPM selinux-policy-3.6.32-63.fc12
> Selinux Enabled True
> Policy Type targeted
> Enforcing Mode Enforcing
> Plugin Name catchall
> Host Name vm-lin-wb01
> Platform Linux vm-lin-wb01
> 2.6.31.9-174.fc12.i686.PAE #1
> SMP Mon Dec 21 06:04:56 UTC 2009 i686 i686
> Alert Count 1
> First Seen Fri Jan 8 10:06:33 2010
> Last Seen Fri Jan 8 10:06:33 2010
> Local ID f35cf4f8-9714-4d41-8f88-310f8cef5425
> Line Numbers
>
> Raw Audit Messages
>
> node=vm-lin-wb01 type=AVC msg=audit(1262945193.369:25): avc: denied {
> read } for pid=1267 comm="mysqld_safe" name="mysql" dev=dm-2 ino=21498
> scontext=unconfined_u:system_r:mysqld_safe_t:s0
> tcontext=system_ubject_r:mysqld_db_t:s0 tclass=lnk_file
>
> node=vm-lin-wb01 type=SYSCALL msg=audit(1262945193.369:25):
> arch=40000003 syscall=195 success=no exit=-13 a0=9e04f88 a1=bff7924c
> a2=b5cff4 a3=9e04f88 items=0 ppid=1227 pid=1267 auid=501 uid=0 gid=0
> euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=2
> comm="mysqld_safe" exe="/bin/bash"
> subj=unconfined_u:system_r:mysqld_safe_t:s0 key=(null)
>
> All the contexts look correct to me, but have i missed something? would
> be grateful if anyone could point me in the right direction.
>
> Thanks in advance
>
> --
> fedora-selinux-list mailing list
> fedora-selinux-list@redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-selinux-list

looks like there is no such rule to allow this access.

> [root@localhost ~]# sesearch --allow -s mysqld_safe_t | grep mysqld_db_t
> allow mysqld_safe_t mysqld_db_t : file { ioctl read write create getattr setattr lock append unlink link rename open } ;
> allow mysqld_safe_t mysqld_db_t : dir { ioctl read write getattr lock add_name remove_name search open } ;

You can allow mysqld_safe_t to read lnk_files with type mysqld_db_t:

echo "avc: denied { read } for pid=1267 comm="mysqld_safe"
name="mysql" dev=dm-2 ino=21498
scontext=unconfined_u:system_r:mysqld_safe_t:s0
tcontext=system_ubject_r:mysqld_db_t:s0 tclass=lnk_file" | audit2allow
-M mymysqldsafe; sudo semodule -i mymysqldsafe.pp

( make sure that you use "mymysqldsafe" for your modules' name. This to
avoid that you overwrite your existing mysql module. )

Please consider reporting this bug. Thanks in advance.

--
fedora-selinux-list mailing list
fedora-selinux-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
 
Old 01-08-2010, 10:45 AM
Manuel Wolfshant
 
Default Mysql Alert

tony@specialistdevelopment.com wrote:

Hi Guys,

Sorry to keep emailing the group but im determined to crack selinux
and not just switch it off


I have moved my mysql root to /db01/mysql and have sym linked
/var/lib/mysql to there as well just in case any apps still have mysql
hard coded to the original location.

Use mount --bind instead of symlink






The alert im getting is this:

Summary:

SELinux is preventing /bin/bash "read" access on /var/lib/mysql.

Detailed Description:

SELinux denied access requested by mysqld_safe. It is not expected
that this

access is required by mysqld_safe and this access may signal an intrusion
attempt. It is also possible that the specific version or
configuration of the

application is causing it to require additional access.

Allowing Access:

You can generate a local policy module to allow this access - see FAQ
(http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Please file
a bug

report.

Additional Information:

Source Context unconfined_u:system_r:mysqld_safe_t:s0
Target Context system_ubject_r:mysqld_db_t:s0
Target Objects /var/lib/mysql [ lnk_file ]
Source mysqld_safe
Source Path /bin/bash
Port <Unknown>
Host vm-lin-wb01
Source RPM Packages bash-4.0.35-2.fc12
Target RPM Packages mysql-server-5.1.41-2.fc12
Policy RPM selinux-policy-3.6.32-63.fc12
Selinux Enabled True
Policy Type targeted
Enforcing Mode Enforcing
Plugin Name catchall
Host Name vm-lin-wb01
Platform Linux vm-lin-wb01
2.6.31.9-174.fc12.i686.PAE #1

SMP Mon Dec 21 06:04:56 UTC 2009 i686 i686
Alert Count 1
First Seen Fri Jan 8 10:06:33 2010
Last Seen Fri Jan 8 10:06:33 2010
Local ID f35cf4f8-9714-4d41-8f88-310f8cef5425
Line Numbers

Raw Audit Messages

node=vm-lin-wb01 type=AVC msg=audit(1262945193.369:25): avc: denied
{ read } for pid=1267 comm="mysqld_safe" name="mysql" dev=dm-2
ino=21498 scontext=unconfined_u:system_r:mysqld_safe_t:s0
tcontext=system_ubject_r:mysqld_db_t:s0 tclass=lnk_file


node=vm-lin-wb01 type=SYSCALL msg=audit(1262945193.369:25):
arch=40000003 syscall=195 success=no exit=-13 a0=9e04f88 a1=bff7924c
a2=b5cff4 a3=9e04f88 items=0 ppid=1227 pid=1267 auid=501 uid=0 gid=0
euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=2
comm="mysqld_safe" exe="/bin/bash"
subj=unconfined_u:system_r:mysqld_safe_t:s0 key=(null)


All the contexts look correct to me, but have i missed something?
would be grateful if anyone could point me in the right direction.


Thanks in advance

--
fedora-selinux-list mailing list
fedora-selinux-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-selinux-list



--
Manuel Wolfshant linux registered user #131416
IT manager NoBug Consulting SRL
A: Yes.
>Q: Are you sure?
>>A: Because it reverses the logical flow of conversation.
>>>Q: Why is top posting frowned upon?


--
fedora-selinux-list mailing list
fedora-selinux-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
 
Old 01-08-2010, 10:57 AM
Dominick Grift
 
Default Mysql Alert

On 01/08/2010 12:45 PM, Manuel Wolfshant wrote:
> tony@specialistdevelopment.com wrote:
>> Hi Guys,
>>
>> Sorry to keep emailing the group but im determined to crack selinux
>> and not just switch it off
>>
>> I have moved my mysql root to /db01/mysql and have sym linked
>> /var/lib/mysql to there as well just in case any apps still have mysql
>> hard coded to the original location.
> Use mount --bind instead of symlink

Whoops i did not notice this issue is due to custom configuration. So
this issue probably does not justify a bugreport.

I do not think SELinux plays nice with mount --bind so that may not work.

You just manually allow mysqld_safe_t to read the link file , like i
showed in my example.

Make sure though that the link target is properly labeled (mysqld_db_t)
and that mysqld_safe_t can access it. ( label db01 dir with a type
mysqld_safe_t has access to search. for example var_t or mysqld_db_t.

>
>
>>
>> The alert im getting is this:
>>
>> Summary:
>>
>> SELinux is preventing /bin/bash "read" access on /var/lib/mysql.
>>
>> Detailed Description:
>>
>> SELinux denied access requested by mysqld_safe. It is not expected
>> that this
>> access is required by mysqld_safe and this access may signal an intrusion
>> attempt. It is also possible that the specific version or
>> configuration of the
>> application is causing it to require additional access.
>>
>> Allowing Access:
>>
>> You can generate a local policy module to allow this access - see FAQ
>> (http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Please file
>> a bug
>> report.
>>
>> Additional Information:
>>
>> Source Context unconfined_u:system_r:mysqld_safe_t:s0
>> Target Context system_ubject_r:mysqld_db_t:s0
>> Target Objects /var/lib/mysql [ lnk_file ]
>> Source mysqld_safe
>> Source Path /bin/bash
>> Port <Unknown>
>> Host vm-lin-wb01
>> Source RPM Packages bash-4.0.35-2.fc12
>> Target RPM Packages mysql-server-5.1.41-2.fc12
>> Policy RPM selinux-policy-3.6.32-63.fc12
>> Selinux Enabled True
>> Policy Type targeted
>> Enforcing Mode Enforcing
>> Plugin Name catchall
>> Host Name vm-lin-wb01
>> Platform Linux vm-lin-wb01
>> 2.6.31.9-174.fc12.i686.PAE #1
>> SMP Mon Dec 21 06:04:56 UTC 2009 i686 i686
>> Alert Count 1
>> First Seen Fri Jan 8 10:06:33 2010
>> Last Seen Fri Jan 8 10:06:33 2010
>> Local ID f35cf4f8-9714-4d41-8f88-310f8cef5425
>> Line Numbers
>>
>> Raw Audit Messages
>>
>> node=vm-lin-wb01 type=AVC msg=audit(1262945193.369:25): avc: denied
>> { read } for pid=1267 comm="mysqld_safe" name="mysql" dev=dm-2
>> ino=21498 scontext=unconfined_u:system_r:mysqld_safe_t:s0
>> tcontext=system_ubject_r:mysqld_db_t:s0 tclass=lnk_file
>>
>> node=vm-lin-wb01 type=SYSCALL msg=audit(1262945193.369:25):
>> arch=40000003 syscall=195 success=no exit=-13 a0=9e04f88 a1=bff7924c
>> a2=b5cff4 a3=9e04f88 items=0 ppid=1227 pid=1267 auid=501 uid=0 gid=0
>> euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=2
>> comm="mysqld_safe" exe="/bin/bash"
>> subj=unconfined_u:system_r:mysqld_safe_t:s0 key=(null)
>>
>> All the contexts look correct to me, but have i missed something?
>> would be grateful if anyone could point me in the right direction.
>>
>> Thanks in advance
>>
>> --
>> fedora-selinux-list mailing list
>> fedora-selinux-list@redhat.com
>> https://www.redhat.com/mailman/listinfo/fedora-selinux-list
>
>


--
fedora-selinux-list mailing list
fedora-selinux-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
 
Old 01-08-2010, 11:11 AM
 
Default Mysql Alert

Ho Dominick,

Thanks ill try that, thanks to everyone for their help over the last
couple of days, im starting to like and understand selinux, but no
doubt there will be some more issues


Thanks again.

Tony

Quoting Dominick Grift <domg472@gmail.com>:


On 01/08/2010 12:45 PM, Manuel Wolfshant wrote:

tony@specialistdevelopment.com wrote:

Hi Guys,

Sorry to keep emailing the group but im determined to crack selinux
and not just switch it off

I have moved my mysql root to /db01/mysql and have sym linked
/var/lib/mysql to there as well just in case any apps still have mysql
hard coded to the original location.

Use mount --bind instead of symlink


Whoops i did not notice this issue is due to custom configuration. So
this issue probably does not justify a bugreport.

I do not think SELinux plays nice with mount --bind so that may not work.

You just manually allow mysqld_safe_t to read the link file , like i
showed in my example.

Make sure though that the link target is properly labeled (mysqld_db_t)
and that mysqld_safe_t can access it. ( label db01 dir with a type
mysqld_safe_t has access to search. for example var_t or mysqld_db_t.






The alert im getting is this:

Summary:

SELinux is preventing /bin/bash "read" access on /var/lib/mysql.

Detailed Description:

SELinux denied access requested by mysqld_safe. It is not expected
that this
access is required by mysqld_safe and this access may signal an intrusion
attempt. It is also possible that the specific version or
configuration of the
application is causing it to require additional access.

Allowing Access:

You can generate a local policy module to allow this access - see FAQ
(http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Please file
a bug
report.

Additional Information:

Source Context unconfined_u:system_r:mysqld_safe_t:s0
Target Context system_ubject_r:mysqld_db_t:s0
Target Objects /var/lib/mysql [ lnk_file ]
Source mysqld_safe
Source Path /bin/bash
Port <Unknown>
Host vm-lin-wb01
Source RPM Packages bash-4.0.35-2.fc12
Target RPM Packages mysql-server-5.1.41-2.fc12
Policy RPM selinux-policy-3.6.32-63.fc12
Selinux Enabled True
Policy Type targeted
Enforcing Mode Enforcing
Plugin Name catchall
Host Name vm-lin-wb01
Platform Linux vm-lin-wb01
2.6.31.9-174.fc12.i686.PAE #1
SMP Mon Dec 21 06:04:56 UTC 2009 i686 i686
Alert Count 1
First Seen Fri Jan 8 10:06:33 2010
Last Seen Fri Jan 8 10:06:33 2010
Local ID f35cf4f8-9714-4d41-8f88-310f8cef5425
Line Numbers

Raw Audit Messages

node=vm-lin-wb01 type=AVC msg=audit(1262945193.369:25): avc: denied
{ read } for pid=1267 comm="mysqld_safe" name="mysql" dev=dm-2
ino=21498 scontext=unconfined_u:system_r:mysqld_safe_t:s0
tcontext=system_ubject_r:mysqld_db_t:s0 tclass=lnk_file

node=vm-lin-wb01 type=SYSCALL msg=audit(1262945193.369:25):
arch=40000003 syscall=195 success=no exit=-13 a0=9e04f88 a1=bff7924c
a2=b5cff4 a3=9e04f88 items=0 ppid=1227 pid=1267 auid=501 uid=0 gid=0
euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=2
comm="mysqld_safe" exe="/bin/bash"
subj=unconfined_u:system_r:mysqld_safe_t:s0 key=(null)

All the contexts look correct to me, but have i missed something?
would be grateful if anyone could point me in the right direction.

Thanks in advance

--
fedora-selinux-list mailing list
fedora-selinux-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-selinux-list










--
fedora-selinux-list mailing list
fedora-selinux-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
 
Old 01-08-2010, 11:23 AM
Manuel Wolfshant
 
Default Mysql Alert

Dominick Grift wrote:

On 01/08/2010 12:45 PM, Manuel Wolfshant wrote:


tony@specialistdevelopment.com wrote:


Hi Guys,

Sorry to keep emailing the group but im determined to crack selinux
and not just switch it off

I have moved my mysql root to /db01/mysql and have sym linked
/var/lib/mysql to there as well just in case any apps still have mysql
hard coded to the original location.


Use mount --bind instead of symlink



Whoops i did not notice this issue is due to custom configuration. So
this issue probably does not justify a bugreport.

I do not think SELinux plays nice with mount --bind so that may not work.


It does. Better that it plays with symlinks




You just manually allow mysqld_safe_t to read the link file , like i
showed in my example.

Make sure though that the link target is properly labeled (mysqld_db_t)
and that mysqld_safe_t can access it. ( label db01 dir with a type
mysqld_safe_t has access to search. for example var_t or mysqld_db_t.




The alert im getting is this:

Summary:

SELinux is preventing /bin/bash "read" access on /var/lib/mysql.

Detailed Description:

SELinux denied access requested by mysqld_safe. It is not expected
that this
access is required by mysqld_safe and this access may signal an intrusion
attempt. It is also possible that the specific version or
configuration of the
application is causing it to require additional access.

Allowing Access:

You can generate a local policy module to allow this access - see FAQ
(http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Please file
a bug
report.

Additional Information:

Source Context unconfined_u:system_r:mysqld_safe_t:s0
Target Context system_ubject_r:mysqld_db_t:s0
Target Objects /var/lib/mysql [ lnk_file ]
Source mysqld_safe
Source Path /bin/bash
Port <Unknown>
Host vm-lin-wb01
Source RPM Packages bash-4.0.35-2.fc12
Target RPM Packages mysql-server-5.1.41-2.fc12
Policy RPM selinux-policy-3.6.32-63.fc12
Selinux Enabled True
Policy Type targeted
Enforcing Mode Enforcing
Plugin Name catchall
Host Name vm-lin-wb01
Platform Linux vm-lin-wb01
2.6.31.9-174.fc12.i686.PAE #1
SMP Mon Dec 21 06:04:56 UTC 2009 i686 i686
Alert Count 1
First Seen Fri Jan 8 10:06:33 2010
Last Seen Fri Jan 8 10:06:33 2010
Local ID f35cf4f8-9714-4d41-8f88-310f8cef5425
Line Numbers

Raw Audit Messages

node=vm-lin-wb01 type=AVC msg=audit(1262945193.369:25): avc: denied
{ read } for pid=1267 comm="mysqld_safe" name="mysql" dev=dm-2

ino=21498 scontext=unconfined_u:system_r:mysqld_safe_t:s0
tcontext=system_ubject_r:mysqld_db_t:s0 tclass=lnk_file

node=vm-lin-wb01 type=SYSCALL msg=audit(1262945193.369:25):
arch=40000003 syscall=195 success=no exit=-13 a0=9e04f88 a1=bff7924c
a2=b5cff4 a3=9e04f88 items=0 ppid=1227 pid=1267 auid=501 uid=0 gid=0
euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=2
comm="mysqld_safe" exe="/bin/bash"
subj=unconfined_u:system_r:mysqld_safe_t:s0 key=(null)

All the contexts look correct to me, but have i missed something?
would be grateful if anyone could point me in the right direction.

Thanks in advance

--
fedora-selinux-list mailing list
fedora-selinux-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-selinux-list






------------------------------------------------------------------------


--
fedora-selinux-list mailing list
fedora-selinux-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-selinux-list



--
Manuel Wolfshant linux registered user #131416
IT manager NoBug Consulting SRL
A: Yes.
>Q: Are you sure?
>>A: Because it reverses the logical flow of conversation.
>>>Q: Why is top posting frowned upon?


--
fedora-selinux-list mailing list
fedora-selinux-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
 
Old 01-09-2010, 01:08 AM
Mail Lists
 
Default Mysql Alert

On 01/08/2010 05:47 AM, tony@specialistdevelopment.com wrote:
> Hi Guys,
>

They have added the 'equivalence' flag for this :

semanage fcontext -a -e /var/lib/mysql /db01/mysql

restorecon -R /db01/mysql


regards,


gene/

--
fedora-selinux-list mailing list
fedora-selinux-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
 
Old 01-11-2010, 03:32 PM
Daniel J Walsh
 
Default Mysql Alert

On 01/08/2010 09:08 PM, Mail Lists wrote:
> On 01/08/2010 05:47 AM, tony@specialistdevelopment.com wrote:
>> Hi Guys,
>>
>
> They have added the 'equivalence' flag for this :
>
> semanage fcontext -a -e /var/lib/mysql /db01/mysql
>
> restorecon -R /db01/mysql
>
>
> regards,
>
>
> gene/
>
> --
> fedora-selinux-list mailing list
> fedora-selinux-list@redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-selinux-list
>
>
You really want to do this at one level higher.


semanage fcontext -a -e /var/lib/mysql /db01

Otherwise /db01 would be labeled default_t and mysql would not be able to search through it.
--
selinux mailing list
selinux@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/selinux
 

Thread Tools




All times are GMT. The time now is 08:16 PM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org