Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-10404

Improved systemd service hardening causes SELinux problems

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed (View Workflow)
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 10.1.16
    • Fix Version/s: 10.1.17
    • Component/s: Scripts & Clients
    • Labels:
      None
    • Environment:
      CentOS 7.2
    • Sprint:
      10.1.17-1

      Description

      In MDEV-10298, NoNewPrivileges=true was added to the systemd service file. But when SELinux is enabled, this prevents mysqld from transitioning from init_t to mysqld_t, and that in turn prevents connecting from httpd_t. So after upgrading to 10.1.16, I see in ps auxZ:

      system_u:system_r:init_t:s0     mysql     4080 11.8  7.2 779200 124164 ?       Ssl  08:54   0:00 /usr/sbin/mysqld
      

      When I comment out the NoNewPrivileges=true, and restart, I see:

      system_u:system_r:mysqld_t:s0   mysql     4185 27.0  7.3 779200 126220 ?       Ssl  08:55   0:00 /usr/sbin/mysqld
      

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              svoj Sergey Vojtovich
              Reporter:
              hvdijk Harald van Dijk
              Votes:
              1 Vote for this issue
              Watchers:
              6 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: