From: Jiann-Ming Su <sujiannming@gmail.com>
To: selinux@tycho.nsa.gov
Subject: Re: MySQL Policy Patch
Date: Fri, 5 Nov 2004 14:53:19 -0500
Message-ID: <561dc32604110511531fbd1e33@mail.gmail.com>
In-Reply-To: <1098205374.29525.99.camel@moss-spartans.epoch.ncsc.mil>

On Tue, 19 Oct 2004 13:02:54 -0400, Stephen Smalley <sds@epoch.ncsc.mil> wrote:
> 
> IIRC, on FC2, you would do:
> yum install policy-sources
> cd /etc/security/selinux/src/policy
> vi domains/program/mysqld.te
> 
> to look at the mysqld policy that shipped with FC2.  But you would
> likely do better to update to FC3T3 if using SELinux, as much has
> changed and FC2 policy hasn't had any updates AFAIK.
> 
FC3T3 wouldn't install on my system, so I'm having to work through
FC2.  When I try to run "/etc/init.d/mysql start" as root, I get the
following in dmesg:

audit(1099684144.872:0): avc:  denied  { read } for  pid=5099
exe=/bin/su name=.default_contexts dev=sda5 ino=213003
scontext=jms:user_r:user_su_t tcontext=root:object_r:staff_home_dir_t
tclass=file
inode_doinit_with_dentry: 
context_to_sid(system_u:object_r:mysql_home_dir_t) returned 22 for
dev=sda8 ino=1107617
audit(1099684153.056:0): avc:  denied  { associate } for  pid=5163
exe=/usr/sbin/mysqld-max name=booboo.lower-test
scontext=root:object_r:unlabeled_t tcontext=system_u:object_r:fs_t
tclass=filesystem
audit(1099684153.094:0): avc:  denied  { associate } for  pid=5163
exe=/usr/sbin/mysqld-max name=mysql.sock
scontext=root:object_r:unlabeled_t tcontext=system_u:object_r:fs_t
tclass=filesystem

What do I need to do so that mysql will start on my system, and users
can access the mysql database?  I've tried adding mysqld_r to the
users file, but mysqld_r is not a role.  Sorry for being so slow with
this.  Thanks for any info.

-- 
Jiann-Ming Su
"I have to decide between two equally frightening options. 
 If I wanted to do that, I'd vote." --Duckman
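
Added example, not part of the original message or of any SELinux tool: a small Python parser that rejoins the mail-wrapped kernel lines quoted in the post and extracts the fields of each AVC denial, so the source type, target type, class and permission can be read at a glance. The function names are illustrative, and the sample input is copied from the post with its line wraps kept.

```python
import re

# Constructed input: records from the post above, mail line wraps kept.
SAMPLE = """\
audit(1099684144.872:0): avc:  denied  { read } for  pid=5099
exe=/bin/su name=.default_contexts dev=sda5 ino=213003
scontext=jms:user_r:user_su_t tcontext=root:object_r:staff_home_dir_t
tclass=file
inode_doinit_with_dentry:
context_to_sid(system_u:object_r:mysql_home_dir_t) returned 22 for
dev=sda8 ino=1107617
audit(1099684153.056:0): avc:  denied  { associate } for  pid=5163
exe=/usr/sbin/mysqld-max name=booboo.lower-test
scontext=root:object_r:unlabeled_t tcontext=system_u:object_r:fs_t
tclass=filesystem
"""

NEW_RECORD = re.compile(r"audit\(|\w+:(\s|$)")   # "audit(" or a "func:" prefix
AVC_HEAD = re.compile(r"audit\(([\d.]+):\d+\): avc:\s+(denied|granted)\s+\{([^}]*)\}")
FIELD = re.compile(r"(\w+)=(\S+)")

def unwrap(text):
    """Rejoin wrapped lines so that each kernel message is one string."""
    records = []
    for line in filter(None, map(str.strip, text.splitlines())):
        if NEW_RECORD.match(line) or not records:
            records.append(line)
        else:
            records[-1] += " " + line
    return records

def parse_avc(record):
    """Return the fields of one AVC record as a dict, or None for other messages."""
    m = AVC_HEAD.match(record)
    if not m:
        return None
    out = {"time": m.group(1), "verdict": m.group(2), "perms": m.group(3).split()}
    out.update(FIELD.findall(record[m.end():]))
    for key in ("scontext", "tcontext"):
        parts = out.get(key, "").split(":")   # user:role:type in this policy version
        out[key + "_type"] = parts[2] if len(parts) >= 3 else None
    out["unlabeled"] = "unlabeled_t" in (out["scontext_type"], out["tcontext_type"])  # no valid label
    return out

def denials(text):
    return [d for d in map(parse_avc, unwrap(text)) if d and d["verdict"] == "denied"]

if __name__ == "__main__":
    for d in denials(SAMPLE):
        print(d["exe"], d["scontext_type"], d["tcontext_type"], d["tclass"], d["perms"], d["unlabeled"])
```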
