Re: mysql vs selinux
On 07/06/2009 10:08 PM, Amadeus W.M. wrote:
> [r...@alm ~]# semanage fcontext -a -t mysqld_db_t "/data/mysql(/.*)?"
> [r...@alm ~]# restorecon -R -v /data/mysql

Try

# semanage fcontext -a -t mysqld_db_t "/data(/.*)?"
# restorecon -R -v /data

--
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
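
The following check is an added example, not part of any poster's message. It walks from / down to the relocated datadir and reports which directories are still typed default_t, the condition behind the /data denial discussed in this thread. The function names are hypothetical and the label lines are a constructed sample.

```shell
#!/bin/sh
# Added example: list ancestors of a relocated MySQL datadir that still carry
# the SELinux type default_t, which the thread shows mysqld_t being denied on.

# Print every directory from / down to "$1", one per line.
ancestors() {
    p=$1
    out=$p
    while [ "$p" != "/" ] && [ "$p" != "." ]; do
        p=$(dirname "$p")
        out="$p
$out"
    done
    printf '%s\n' "$out"
}

# Read "context path" lines on stdin and print the paths typed default_t.
# A context is user:role:type:level, so the type is the third ':' field.
flag_default_t() {
    while read -r ctx path; do
        setype=$(printf '%s' "$ctx" | cut -d: -f3)
        [ "$setype" = "default_t" ] && printf '%s\n' "$path"
    done
    return 0
}

# Constructed sample: the / and /data labels are the ones quoted in the
# thread; the mysqld_db_t label on /data/mysql is assumed to be the result
# of the semanage/restorecon commands run on that directory.
sample_labels() {
    cat <<'EOF'
system_u:object_r:root_t:s0 /
system_u:object_r:default_t:s0 /data
system_u:object_r:mysqld_db_t:s0 /data/mysql
EOF
}

# Run the check over the constructed sample; prints "/data".
check_sample() {
    sample_labels | flag_default_t
}

# On an SELinux host, feed it live labels instead (GNU stat, %C = context):
#   ancestors /data/mysql | while read -r d; do stat -c '%C %n' "$d"; done \
#       | flag_default_t
```
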
Re: mysql vs selinux
On Mon, 06 Jul 2009 08:10:29 -0400, Daniel J Walsh wrote:

> On 07/05/2009 11:57 PM, Amadeus W.M. wrote:
>> Trying to run mysqld with datadir=/data/mysql (i.e. different than the
>> default datadir=/var/lib/mysql). When I start mysqld for the first time
>> it fails:
>>
>> [r...@alm ~]# /etc/rc.d/init.d/mysqld start
>> Initializing MySQL database: Installing MySQL system tables...
>> 090705 23:01:52 [Warning] Can't create test file /data/mysql/alm.lower-test
>> 090705 23:01:52 [Warning] Can't create test file /data/mysql/alm.lower-test
>> /usr/libexec/mysqld: Can't change dir to '/data/mysql/' (Errcode: 13)
>> 090705 23:01:52 [ERROR] Aborting
>>
>> and selinux pops up and says
>>
>> Summary:
>> SELinux is preventing mysqld (mysqld_t) "search" to / (default_t).
>>
>> Detailed Description:
>> SELinux denied access requested by mysqld. / may be a mislabeled. /
>> default SELinux type is root_t, but its current type is default_t.
>> Changing this file back to the default type, may fix your problem.
>>
>> Poking around on google I found this suggestion:
>>
>> http://www.linuxforums.org/forum/servers/54215-moving-mysql-datafile-another-location-2.html
>>
>> chcon -R -u system_u -r object_r -t mysqld_db_t /home/mysqldb
>> chcon -R -u system_u -r object_r -t mysqld_db_t /var/lib/mysql/
>> chcon -u system_u -r object_r -t mysqld_etc_t /etc/my.cnf
>>
>> with /data/mysql instead of /home/mysqldb, of course.
>>
>> This was as of FC7. Would this still be the right thing to do in F11?
>> I'm really being patient here with selinux, trying to give it a 2nd
>> chance (first chance was about F3 or F4). I'm trying to avoid the
>> barbaric solution of disabling it altogether yet again.
>>
>> Oh, by the way, I am able to run mysqld without a hitch even with
>> selinux enabled provided that I use the default datadir=/var/lib/mysql.
>> That's not acceptable though, as my /var is too small for the colossal
>> amount of data I have.
>>
>> I tried to keep this post relatively short, so I didn't include all
>> selinux info. If more is necessary, I'll post it. Please help!
>>
> Here is a new guide we are working on for setting up different confined
> services. There is a chapter on mysql.
>
> http://sradvan.fedorapeople.org/SELinux_Managing_Confined_Services/en-US/html/
>
> Specifically check out the chapter on this page
>
> http://sradvan.fedorapeople.org/SELinux_Managing_Confined_Services/en-US/html/sect-Managing_Confined_Services-MySQL-Configuration_Examples.html

Thanks, I followed the instructions:

[r...@alm ~]# semanage fcontext -a -t mysqld_db_t "/data/mysql(/.*)?"
[r...@alm ~]# restorecon -R -v /data/mysql

but now selinux complains about /data itself:

Summary
SELinux is preventing access to files with the default label, default_t.

Additional Information
Source Context: unconfined_u:system_r:mysqld_t:s0
Target Context: system_u:object_r:default_t:s0
Target Objects: /data [ dir ]
Source: mysqld
Source Path: /usr/libexec/mysqld

And indeed,

[r...@alm ~]# ls -lZd /data
drwxr-xr-x. amadeus users system_u:object_r:default_t:s0 /data

So I'm guessing I should add a context for /data, something like

semanage fcontext -a -t data_t "/data"
restorecon -R -v /data/mysql

Is that correct?

Also, in addition to /data selinux is also complaining about / :

Summary
SELinux is preventing mysqld (mysqld_t) "search" to / (default_t).

Additional Information
Source Context: unconfined_u:system_r:mysqld_t:s0
Target Context: system_u:object_r:default_t:s0
Target Objects: / [ dir ]
Source: mysqld
Source Path: /usr/libexec/mysqld

But

[r...@alm ~]# ls -lZd /
drwxr-xr-x. root root system_u:object_r:root_t:s0 /

i.e. / is not default_t. What gives?
Re: mysql vs selinux
On Mon, 06 Jul 2009 07:33:34 +0100, Sharpe, Sam J wrote:

> chcon -R --reference=/var/lib/mysql /data/mysql

Thanks! That command did its thing, but now selinux complains about /data
itself being labeled default_t. Please see my answer to Daniel J. Walsh,
below.
Re: mysql vs selinux
On 07/05/2009 11:57 PM, Amadeus W.M. wrote:
> Trying to run mysqld with datadir=/data/mysql (i.e. different than the
> default datadir=/var/lib/mysql). When I start mysqld for the first time
> it fails:
>
> [r...@alm ~]# /etc/rc.d/init.d/mysqld start
> Initializing MySQL database: Installing MySQL system tables...
> 090705 23:01:52 [Warning] Can't create test file /data/mysql/alm.lower-test
> 090705 23:01:52 [Warning] Can't create test file /data/mysql/alm.lower-test
> /usr/libexec/mysqld: Can't change dir to '/data/mysql/' (Errcode: 13)
> 090705 23:01:52 [ERROR] Aborting
>
> and selinux pops up and says
>
> Summary:
> SELinux is preventing mysqld (mysqld_t) "search" to / (default_t).
>
> Detailed Description:
> SELinux denied access requested by mysqld. / may be a mislabeled. /
> default SELinux type is root_t, but its current type is default_t.
> Changing this file back to the default type, may fix your problem.
>
> Poking around on google I found this suggestion:
>
> http://www.linuxforums.org/forum/servers/54215-moving-mysql-datafile-another-location-2.html
>
> chcon -R -u system_u -r object_r -t mysqld_db_t /home/mysqldb
> chcon -R -u system_u -r object_r -t mysqld_db_t /var/lib/mysql/
> chcon -u system_u -r object_r -t mysqld_etc_t /etc/my.cnf
>
> with /data/mysql instead of /home/mysqldb, of course.
>
> This was as of FC7. Would this still be the right thing to do in F11?
> I'm really being patient here with selinux, trying to give it a 2nd
> chance (first chance was about F3 or F4). I'm trying to avoid the
> barbaric solution of disabling it altogether yet again.
>
> Oh, by the way, I am able to run mysqld without a hitch even with
> selinux enabled provided that I use the default datadir=/var/lib/mysql.
> That's not acceptable though, as my /var is too small for the colossal
> amount of data I have.
>
> I tried to keep this post relatively short, so I didn't include all
> selinux info. If more is necessary, I'll post it. Please help!

Here is a new guide we are working on for setting up different confined
services. There is a chapter on mysql.

http://sradvan.fedorapeople.org/SELinux_Managing_Confined_Services/en-US/html/

Specifically check out the chapter on this page

http://sradvan.fedorapeople.org/SELinux_Managing_Confined_Services/en-US/html/sect-Managing_Confined_Services-MySQL-Configuration_Examples.html
Re: mysql vs selinux
2009/7/6 Amadeus W.M.:
> Trying to run mysqld with datadir=/data/mysql (i.e. different than the
> default datadir=/var/lib/mysql). When I start mysqld for the first time it
> fails:
>
> [r...@alm ~]# /etc/rc.d/init.d/mysqld start
> Initializing MySQL database: Installing MySQL system tables...
> 090705 23:01:52 [Warning] Can't create test file /data/mysql/alm.lower-test
> 090705 23:01:52 [Warning] Can't create test file /data/mysql/alm.lower-test
> /usr/libexec/mysqld: Can't change dir to '/data/mysql/' (Errcode: 13)
> 090705 23:01:52 [ERROR] Aborting
> chcon -R -u system_u -r object_r -t mysqld_db_t /home/mysqldb
> chcon -R -u system_u -r object_r -t mysqld_db_t /var/lib/mysql/
> chcon -u system_u -r object_r -t mysqld_etc_t /etc/my.cnf
>
> with /data/mysql instead of /home/mysqldb, of course.

It might be better to do this instead of the first line:

chcon -R --reference=/var/lib/mysql /data/mysql

Lines 2 and 3 should be unnecessary if mysql works with the default
data dir already.

--
Sam
mysql vs selinux
Trying to run mysqld with datadir=/data/mysql (i.e. different than the
default datadir=/var/lib/mysql). When I start mysqld for the first time it
fails:

[r...@alm ~]# /etc/rc.d/init.d/mysqld start
Initializing MySQL database: Installing MySQL system tables...
090705 23:01:52 [Warning] Can't create test file /data/mysql/alm.lower-test
090705 23:01:52 [Warning] Can't create test file /data/mysql/alm.lower-test
/usr/libexec/mysqld: Can't change dir to '/data/mysql/' (Errcode: 13)
090705 23:01:52 [ERROR] Aborting

and selinux pops up and says

Summary:
SELinux is preventing mysqld (mysqld_t) "search" to / (default_t).

Detailed Description:
SELinux denied access requested by mysqld. / may be a mislabeled. /
default SELinux type is root_t, but its current type is default_t.
Changing this file back to the default type, may fix your problem.

Poking around on google I found this suggestion:

http://www.linuxforums.org/forum/servers/54215-moving-mysql-datafile-another-location-2.html

chcon -R -u system_u -r object_r -t mysqld_db_t /home/mysqldb
chcon -R -u system_u -r object_r -t mysqld_db_t /var/lib/mysql/
chcon -u system_u -r object_r -t mysqld_etc_t /etc/my.cnf

with /data/mysql instead of /home/mysqldb, of course.

This was as of FC7. Would this still be the right thing to do in F11? I'm
really being patient here with selinux, trying to give it a 2nd chance
(first chance was about F3 or F4). I'm trying to avoid the barbaric
solution of disabling it altogether yet again.

Oh, by the way, I am able to run mysqld without a hitch even with selinux
enabled provided that I use the default datadir=/var/lib/mysql. That's not
acceptable though, as my /var is too small for the colossal amount of data
I have.

I tried to keep this post relatively short, so I didn't include all
selinux info. If more is necessary, I'll post it. Please help!