Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-10160

enabled cracklib plugin blocks all password changes with SELINUX=enforcing

    XMLWordPrintable

Details

    Description

      When using default settings cracklib tries to read the password database from /usr/share/cracklib/. When using the standard SELINUX profile mysqdl doesn't have access to that directory though.

      Workarounds:

      • add additional access rules:

            semanage fcontext -a -t mysqld_etc_t  "/usr/share/cracklib(/.*)?"
            restorecon -Rv /usr/share/cracklib
        

      • or copy cracklib dictionary to mysqld datadir and set cracklib_password_check_dictionary accordingly

      Attachments

        Issue Links

          Activity

            People

              greenman Ian Gilfillan
              hholzgra Hartmut Holzgraefe
              Votes:
              0 Vote for this issue
              Watchers:
              6 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Git Integration

                  Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.