  1. MariaDB Server
  2. MDEV-10767

/tmp/wsrep_recovery.${RANDOM} file created in unallowed SELinux context

    Details

    • Sprint:
      10.1.22

      Description

      A user reported the following error in /var/log/audit/audit.log when trying to start a cluster node:

      type=AVC msg=audit(1473264262.081:132): avc: denied { open } for pid=11191 comm="mysqld" path="/tmp/wsrep_recovery.mx7VGR" dev="dm-1" ino=101950206 scontext=system_u:system_r:mysqld_t:s0 tcontext=system_u:object_r:initrc_tmp_t:s0 tclass=file
      

      This user fixed it with the following addition to their SELinux policy:

      allow mysqld_t initrc_tmp_t:file open;
      

      Should this file actually be created in the mysqld_tmp_t context, or should we modify our SELinux policy to allow access to files in the initrc_tmp_t context?

              People

              • Assignee:
                sachin.setiya.007 Sachin Setiya
                Reporter:
                GeoffMontee Geoff Montee
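An added example, not part of the original report or of MariaDB's code: a small Python parser for AVC denial records like the one quoted in the description, which derives the allow rule the user added and lists denied objects whose label differs from an expected type such as mysqld_tmp_t. The constant and function names are illustrative, and the second record is constructed.

```python
import re
from collections import defaultdict

# The denial quoted in the report, plus one constructed record (not from the
# report) to show permissions on the same type pair being merged.
REPORTED = ('type=AVC msg=audit(1473264262.081:132): avc: denied { open } for '
            'pid=11191 comm="mysqld" path="/tmp/wsrep_recovery.mx7VGR" dev="dm-1" '
            'ino=101950206 scontext=system_u:system_r:mysqld_t:s0 '
            'tcontext=system_u:object_r:initrc_tmp_t:s0 tclass=file')
CONSTRUCTED = REPORTED.replace('{ open }', '{ read getattr }')

AVC_RE = re.compile(r'avc:\s+denied\s+\{\s*([^}]*?)\s*\}\s+for\s+(.*)')
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_avc(line):
    """Parse one AVC denial into a dict; return None for anything else."""
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group(2))}
    perms = m.group(1).split()
    # A context is user:role:type[:level]; policy rules use only the type.
    ctx = [rec.get(k, '').split(':') for k in ('scontext', 'tcontext')]
    if not perms or 'tclass' not in rec or any(len(c) < 3 for c in ctx):
        return None
    rec.update(perms=perms, stype=ctx[0][2], ttype=ctx[1][2])
    return rec

def allow_rules(lines):
    """Merge denials per (source type, target type, class) into allow rules."""
    merged = defaultdict(set)
    for rec in filter(None, map(parse_avc, lines)):
        merged[rec['stype'], rec['ttype'], rec['tclass']].update(rec['perms'])
    rules = []
    for (s, t, c), perms in sorted(merged.items()):
        p = sorted(perms)
        body = p[0] if len(p) == 1 else '{ ' + ' '.join(p) + ' }'
        rules.append(f'allow {s} {t}:{c} {body};')
    return rules

def mislabeled(lines, expected_type):
    """(path, actual type) for denied objects not labeled expected_type."""
    recs = filter(None, map(parse_avc, lines))
    return sorted({(r.get('path', '?'), r['ttype']) for r in recs
                   if r['ttype'] != expected_type})

if __name__ == '__main__':
    print(allow_rules([REPORTED]))
    print(mislabeled([REPORTED, CONSTRUCTED], 'mysqld_tmp_t'))
```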