MariaDB Server / MDEV-10767

/tmp/wsrep_recovery.${RANDOM} file created in unallowed SELinux context

    Details

    • Sprint:
      10.1.22

      Description

      A user reported the following error in /var/log/audit/audit.log when trying to start a cluster node:

      type=AVC msg=audit(1473264262.081:132): avc: denied { open } for pid=11191 comm="mysqld" path="/tmp/wsrep_recovery.mx7VGR" dev="dm-1" ino=101950206 scontext=system_u:system_r:mysqld_t:s0 tcontext=system_u:object_r:initrc_tmp_t:s0 tclass=file
      

      This user fixed it with the following addition to their SELinux policy:

      allow mysqld_t initrc_tmp_t:file open;
      

      Should this file actually be created in the mysqld_tmp_t context, or should we modify our SELinux policy to allow access to files in the initrc_tmp_t context?
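
An added example, not part of the original report or of MariaDB's code: this Python sketch parses the AVC record quoted above, derives the allow rule it implies, and flags when the denied object carries a temporary-file type other than the domain's own. The function names are hypothetical, and the `<domain>_tmp_t` naming check is an assumption based on the mysqld_tmp_t type named in the description.

```python
import re

# The AVC record quoted in the description above, copied from the page.
SAMPLE = (
    'type=AVC msg=audit(1473264262.081:132): avc: denied { open } for pid=11191 '
    'comm="mysqld" path="/tmp/wsrep_recovery.mx7VGR" dev="dm-1" ino=101950206 '
    'scontext=system_u:system_r:mysqld_t:s0 '
    'tcontext=system_u:object_r:initrc_tmp_t:s0 tclass=file'
)

AVC_RE = re.compile(r'avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<rest>.*)')
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def se_type(context):
    """A context is user:role:type[:level]; return the type or None."""
    parts = context.split(':')
    return parts[2] if len(parts) >= 3 and parts[2] else None


def parse_avc(line):
    """Return the fields of one AVC denial, or None if the line is not one."""
    m = AVC_RE.search(line)
    fields = {k: v.strip('"') for k, v in KV_RE.findall(m.group('rest'))} if m else {}
    stype, ttype = se_type(fields.get('scontext', '')), se_type(fields.get('tcontext', ''))
    if not (stype and ttype and 'tclass' in fields):
        return None
    return {'perms': m.group('perms').split(), 'path': fields.get('path'),
            'comm': fields.get('comm'), 'stype': stype, 'ttype': ttype,
            'tclass': fields['tclass']}


def allow_rule(d):
    """Render the rule that would permit exactly the denied access."""
    perms = d['perms']
    body = perms[0] if len(perms) == 1 else '{ ' + ' '.join(perms) + ' }'
    return f"allow {d['stype']} {d['ttype']}:{d['tclass']} {body};"


def foreign_tmp_label(d):
    """True if the object is a *_tmp_t type that is not <domain>_tmp_t (assumed naming)."""
    own = d['stype'][:-2] + '_tmp_t' if d['stype'].endswith('_t') else None
    return d['ttype'].endswith('_tmp_t') and d['ttype'] != own


if __name__ == '__main__':
    denial = parse_avc(SAMPLE)
    print(allow_rule(denial), '| foreign tmp label:', foreign_tmp_label(denial))
```

A true result from `foreign_tmp_label` points at the file's creator and its label as the thing to review before widening the policy with the generated rule.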

              People

              Assignee:
              sachin.setiya.007 Sachin Setiya
              Reporter:
              GeoffMontee Geoff Montee
              Votes:
              2
              Watchers:
              9
