[MDEV-10160] enabled cracklib plugin blocks all password changes with SELINUX=enforcing - Jira

XML

Word

Printable

Details

Type: Bug
Status: Closed (View Workflow)
Priority: Major
Resolution: Fixed
Affects Version/s: 10.1.14, 10.1
Fix Version/s: N/A
Component/s: Admin statements, Authentication and Privilege System, Documentation
Labels:
None
Environment:
linux with SELINUX=enforcing

Description

When using default settings cracklib tries to read the password database from /usr/share/cracklib/. When using the standard SELINUX profile mysqdl doesn't have access to that directory though.

Workarounds:

add additional access rules:

    semanage fcontext -a -t mysqld_etc_t  "/usr/share/cracklib(/.*)?"

    restorecon -Rv /usr/share/cracklib

or copy cracklib dictionary to mysqld datadir and set cracklib_password_check_dictionary accordingly

Attachments

Issue Links

relates to

MDEV-18374 SELinux breaks cracklib_password_check plugin

Closed

Activity

People

Assignee:: Ian Gilfillan

Reporter:: Hartmut Holzgraefe

Votes:: 0 Vote for this issue

Watchers:: 6 Start watching this issue

Dates

Created:: 2016-05-31 17:06

Updated:: 2019-01-25 09:47

Resolved:: 2016-08-08 09:27

Git Integration

Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.