Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-10405

mysql.sock gets created with different SELinux context

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed (View Workflow)
    • Priority: Critical
    • Resolution: Fixed
    • Affects Version/s: 10.1.16
    • Fix Version/s: 10.1.17
    • Component/s: Platform RedHat
    • Labels:
      None
    • Environment:
      CentOS 7 updating from 10.1.14 to 10.1.16

      Description

      Hi there,

      I tried updating some mariadb installations from version 10.1.14 to version 10.1.16.
      After restarting the daemon php-fpm and some other daemons (like apache mod_php) were no longer able to connect via unix socket.

      Due to this problem I am not able to update to the latest version.
      I did not try 10.1.15. Maybe this version is also affected.

      The working permissions/contexts (as of 10.1.14)

      > ls -alZ /var/lib/mysql
      ...
      srwxrwxrwx. mysql mysql system_u:object_r:mysqld_var_run_t:s0 mysql.sock
      ...
      

      The new but not working permissions/contexts (as of 10.1.16)

      > ls -alZ /var/lib/mysql
      ...
      srwxrwxrwx. mysql mysql system_u:object_r:mysqld_db_t:s0 mysql.sock
      ...
      

      The error inside /var/log/audit/audit.log

      type=AVC msg=audit(1469001191.978:508572): avc:  denied  { connectto } for  pid=65240 comm="php-fpm" path="/var/lib/mysql/mysql.sock" scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:system_r:init_t:s0 tclass=unix_stream_socket
      

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              svoj Sergey Vojtovich
              Reporter:
              Flo Florian Bezdeka
              Votes:
              1 Vote for this issue
              Watchers:
              5 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: