Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-10767

/tmp/wsrep_recovery.${RANDOM} file created in unallowed SELinux context

Details

    • 10.1.22

    Description

      A user reported the following error in /var/log/audit/audit.log when trying to start a cluster node:

      type=AVC msg=audit(1473264262.081:132): avc: denied { open } for pid=11191 comm="mysqld" path="/tmp/wsrep_recovery.mx7VGR" dev="dm-1" ino=101950206 scontext=system_u:system_r:mysqld_t:s0 tcontext=system_u:object_r:initrc_tmp_t:s0 tclass=file

      This user fixed it with the following addition to their SELinux policy:

      allow mysqld_t initrc_tmp_t:file open;

      Should this file actually be created in the mysqld_tmp_t context, or should we modify our SELinux policy to allow access to files in the initrc_tmp_t context?

      Attachments

        Issue Links

          causes

          Bug - A problem which impairs or prevents the functions of the product. MDEV-13950 mysqld_safe could not start Galera node after upgrade to 10.1.28 or 10.2.9

          • Blocker - Blocks development and/or testing work, production could not run.
          • Closed

          Bug - A problem which impairs or prevents the functions of the product. MDEV-14063 mariadb102-server 10.2.9 cannot startup with galera

          • Major - Major loss of function.
          • Closed
          relates to

          Bug - A problem which impairs or prevents the functions of the product. MDEV-10753 selinux policies prevent 10.1.17-1.el7.centos to access: initrc_tmp_t + var_log_t

          • Major - Major loss of function.
          • Closed

          Activity

            Transition Time In Source Status Execution Times
            Sachin Setiya (Inactive) made transition -
            Open In Progress
            		357d 11h 58m 1
            Sachin Setiya (Inactive) made transition -
            In Progress In Review
            		11s 1
            Sachin Setiya (Inactive) made transition -
            Stalled In Review
            		17d 21h 52m 1
            Sergei Golubchik made transition -
            In Review Stalled
            		6h 39m 2
            Sachin Setiya (Inactive) made transition -
            Stalled Closed
            		2d 19h 41m 1

            People

              sachin.setiya.007 Sachin Setiya (Inactive)
              GeoffMontee Geoff Montee (Inactive)
              Votes:
              2 Vote for this issue
              Watchers:
              9 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Git Integration

                  Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.