Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-11789

MariaDB fails to restart after 10.0.29-1.el7 update

    Details

    • Sprint:
      10.0.30

      Description

      A few minutes ago, MariaDB updated on my CentOS 7.3 server as per the below from /var/log/yum.log.

      Jan 14 10:10:04 Updated: MariaDB-common-10.0.29-1.el7.centos.x86_64
      Jan 14 10:10:05 Updated: MariaDB-client-10.0.29-1.el7.centos.x86_64
      Jan 14 10:10:14 Updated: MariaDB-server-10.0.29-1.el7.centos.x86_64
      Jan 14 10:10:14 Updated: MariaDB-shared-10.0.29-1.el7.centos.x86_64
      

      The error when manually performing a restart is shown below:

      Jan 14 10:21:36 server systemd[1]: Starting LSB: start and stop MySQL...
      Jan 14 10:21:36 server mysql[14399]: Starting MySQL.170114 10:21:36 mysqld_safe Logging to '/var/lib/mysql/server.err'.
      Jan 14 10:21:36 server mysql[14399]: 170114 10:21:36 mysqld_safe Starting mysqld daemon with databases from /var/lib/mysql
      Jan 14 10:21:36 server mysql[14399]: /usr/bin/mysqld_safe_helper: Cannot change uid/gid (errno: 1)
      Jan 14 10:21:37 server mysql[14399]: ERROR!
      Jan 14 10:21:37 server systemd[1]: mysql.service: control process exited, code=exited status=1
      Jan 14 10:21:37 server systemd[1]: Failed to start LSB: start and stop MySQL.
      Jan 14 10:21:37 server systemd[1]: Unit mysql.service entered failed state.
      Jan 14 10:21:37 server systemd[1]: mysql.service failed.
      

      After further investigation, I found the two SELinux errors from running 'sealert -a /var/log/audit/audit.log'.

      SELinux is preventing /usr/bin/mysqld_safe_helper from using the setgid capability.
      SELinux is preventing /usr/bin/mysqld_safe_helper from using the setuid capability.
      

      For now I have fixed this by creating a local policy and restarting MariaDB, however it appears that by default SELinux prevents /usr/bin/mysqld_safe_helper making use of setuid and setgid which causes it to fail to start back up after the upgrade.

      I'm not sure if this is a MariaDB specific issue, or MySQL, or maybe even the SELinux policy has changed since the last MariaDB update.

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                serg Sergei Golubchik
                Reporter:
                Jarrod Farncomb Jarrod Farncomb
              • Votes:
                2 Vote for this issue
                Watchers:
                8 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: