MariaDB Server / MDEV-10404

Improved systemd service hardening causes SELinux problems

Details

    • Bug
    • Status: Closed
    • Major
    • Resolution: Fixed
    • 10.1.16
    • 10.1.17
    • Scripts & Clients
    • None
    • CentOS 7.2
    • 10.1.17-1

    Description

      In MDEV-10298, NoNewPrivileges=true was added to the systemd service file. But when SELinux is enabled, this prevents mysqld from transitioning from init_t to mysqld_t, and that in turn prevents connecting from httpd_t. So after upgrading to 10.1.16, I see in ps auxZ:

      system_u:system_r:init_t:s0     mysql     4080 11.8  7.2 779200 124164 ?       Ssl  08:54   0:00 /usr/sbin/mysqld
      

      When I comment out the NoNewPrivileges=true, and restart, I see:

      system_u:system_r:mysqld_t:s0   mysql     4185 27.0  7.3 779200 126220 ?       Ssl  08:55   0:00 /usr/sbin/mysqld
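
Added example, not part of the original report and not MariaDB project code: a shell check for the symptom described above. It flags processes other than PID 1 still in init_t in `ps auxZ` output and tests whether a unit's effective NoNewPrivileges= setting is true. The function names and the PID 1 sample line are constructed for illustration; the two mysqld lines are the ones quoted in the report.

```shell
#!/bin/sh
# Added example (assumed helper names, not MariaDB code).

# Reads `ps auxZ`-style lines on stdin; prints "PID COMMAND" for each process
# still in the init_t domain other than PID 1 (systemd itself runs as init_t).
stuck_in_init_t() {
    awk '$1 == "LABEL" { next }
         { split($1, ctx, ":")            # user:role:type:level
           if (ctx[3] == "init_t" && $3 != 1) print $3, $12 }'
}

# Reads unit-file text (e.g. from `systemctl cat`) on stdin; exit status 0 if
# the last uncommented NoNewPrivileges= assignment is a true value.
unit_sets_nnp() {
    awk -F= '/^[ \t]*[#;]/ { next }
             $1 ~ /^[ \t]*NoNewPrivileges[ \t]*$/ { v = tolower($2); gsub(/[ \t\r]/, "", v) }
             END { exit !(v == "true" || v == "yes" || v == "on" || v == "1") }'
}

# Sample input: header and PID 1 line are constructed; mysqld lines are from the report.
sample_ps() {
cat <<'EOF'
LABEL USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
system_u:system_r:init_t:s0     root         1  0.0  0.3 128164   6824 ?       Ss   08:50   0:01 /usr/lib/systemd/systemd
system_u:system_r:init_t:s0     mysql     4080 11.8  7.2 779200 124164 ?       Ssl  08:54   0:00 /usr/sbin/mysqld
system_u:system_r:mysqld_t:s0   mysql     4185 27.0  7.3 779200 126220 ?       Ssl  08:55   0:00 /usr/sbin/mysqld
EOF
}

# Constructed unit fragment carrying the setting named in the report.
sample_unit() { printf '[Service]\nUser=mysql\nNoNewPrivileges=true\n'; }

sample_ps | stuck_in_init_t | while read -r pid cmd; do
    if sample_unit | unit_sets_nnp; then
        why="unit sets NoNewPrivileges=true"
    else
        why="check SELinux policy and file labels"
    fi
    echo "PID $pid ($cmd) is in init_t: $why"
done
```

On a live host, feed the functions `ps auxZ` and `systemctl cat <unit>` instead of the sample functions.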
      

            People

              svoj Sergey Vojtovich
              hvdijk Harald van Dijk