Details
- Bug
- Status: Closed
- Critical
- Resolution: Fixed
- 10.0.30
- None
- CentOS 7.3
Description
The issue reported in MDEV-11789 as being fixed in 10.0.30 is still present.
I have just installed MariaDB 10.0.30 on a fresh CentOS 7.3 minimal system and cannot start it with SELinux enabled. The errors are exactly the same as outlined in MDEV-11789.
SELinux is preventing /usr/bin/mysqld_safe_helper from using the setgid capability.

***** Plugin catchall (100. confidence) suggests **************************

If you believe that mysqld_safe_helper should have the setgid capability by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# ausearch -c 'mysqld_safe_hel' --raw | audit2allow -M my-mysqldsafehel
# semodule -i my-mysqldsafehel.pp


Additional Information:
Source Context system_u:system_r:mysqld_safe_t:s0
Target Context system_u:system_r:mysqld_safe_t:s0
Target Objects Unknown [ capability ]
Source mysqld_safe_hel
Source Path /usr/bin/mysqld_safe_helper
Port <Unknown>
Host <Unknown>
Source RPM Packages MariaDB-server-10.0.30-1.el7.centos.x86_64
Target RPM Packages
Policy RPM selinux-policy-3.13.1-102.el7_3.15.noarch
Selinux Enabled True
Policy Type targeted
Enforcing Mode Enforcing
Host Name localhost.localdomain
Platform Linux localhost.localdomain 3.10.0-514.2.2.el7.x86_64 #1 SMP Tue Dec 6 23:06:41 UTC 2016 x86_64 x86_64
Alert Count 4
First Seen 2017-03-11 00:13:14 PST
Last Seen 2017-03-11 00:13:14 PST
Local ID 0ed292fb-afa4-4222-8e26-e85411f37926

Raw Audit Messages
type=AVC msg=audit(1489219994.398:460): avc: denied { setgid } for pid=49629 comm="mysqld_safe_hel" capability=6 scontext=system_u:system_r:mysqld_safe_t:s0 tcontext=system_u:system_r:mysqld_safe_t:s0 tclass=capability


type=SYSCALL msg=audit(1489219994.398:460): arch=x86_64 syscall=setgroups success=no exit=EPERM a0=1 a1=2886530 a2=3d6 a3=7f72793de2e0 items=0 ppid=49553 pid=49629 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=mysqld_safe_hel exe=/usr/bin/mysqld_safe_helper subj=system_u:system_r:mysqld_safe_t:s0 key=(null)

Hash: mysqld_safe_hel,mysqld_safe_t,mysqld_safe_t,capability,setgid
[root@localhost ~]# systemctl status mysql
● mysql.service - LSB: start and stop MySQL
Loaded: loaded (/etc/rc.d/init.d/mysql; bad; vendor preset: disabled)
Active: failed (Result: exit-code) since Sat 2017-03-11 00:13:15 PST; 8s ago
Docs: man:systemd-sysv-generator(8)
Process: 49546 ExecStart=/etc/rc.d/init.d/mysql start (code=exited, status=1/FAILURE)

Mar 11 00:13:14 localhost.localdomain systemd[1]: Starting LSB: start and stop MySQL...
Mar 11 00:13:14 localhost.localdomain mysql[49546]: Starting MySQL.170311 00:13:14 mysqld_safe Logging to '/var/lib/mysql/localhost.localdomain.err'.
Mar 11 00:13:14 localhost.localdomain mysql[49546]: 170311 00:13:14 mysqld_safe Starting mysqld daemon with databases from /var/lib/mysql
Mar 11 00:13:14 localhost.localdomain mysql[49546]: /usr/bin/mysqld_safe_helper: Cannot change uid/gid (errno: 1)
Mar 11 00:13:15 localhost.localdomain mysql[49546]: ERROR!
Mar 11 00:13:15 localhost.localdomain systemd[1]: mysql.service: control process exited, code=exited status=1
Mar 11 00:13:15 localhost.localdomain systemd[1]: Failed to start LSB: start and stop MySQL.
Mar 11 00:13:15 localhost.localdomain systemd[1]: Unit mysql.service entered failed state.
Mar 11 00:13:15 localhost.localdomain systemd[1]: mysql.service failed.

[root@localhost ~]# mysql -V
mysql Ver 15.1 Distrib 10.0.30-MariaDB, for Linux (x86_64) using readline 5.1
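For triage before loading the module that sealert suggests, the AVC and SYSCALL records in the report can be joined on their shared audit event id to show which call was refused and which rule a local module would grant. This is an added example, not part of the original report or of MariaDB's code; the function names are illustrative.

```python
import re

# Sample input: the two raw audit records quoted in the report above.
SAMPLE = """\
type=AVC msg=audit(1489219994.398:460): avc: denied { setgid } for pid=49629 comm="mysqld_safe_hel" capability=6 scontext=system_u:system_r:mysqld_safe_t:s0 tcontext=system_u:system_r:mysqld_safe_t:s0 tclass=capability
type=SYSCALL msg=audit(1489219994.398:460): arch=x86_64 syscall=setgroups success=no exit=EPERM a0=1 a1=2886530 a2=3d6 a3=7f72793de2e0 items=0 ppid=49553 pid=49629 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=mysqld_safe_hel exe=/usr/bin/mysqld_safe_helper subj=system_u:system_r:mysqld_safe_t:s0 key=(null)
"""

HEADER = re.compile(r"^type=(\w+) msg=audit\((\d+\.\d+):(\d+)\):\s*(.*)$")
PERMS = re.compile(r"avc:\s+denied\s+\{([^}]*)\}")
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')

def selinux_type(context):
    """Return the type field of a user:role:type:level context, or None."""
    parts = (context or "").split(":")
    return parts[2] if len(parts) > 2 else None

def parse_events(text):
    """Group audit records by event id (timestamp:serial), keyed by record type."""
    events = {}
    for line in text.splitlines():
        m = HEADER.match(line.strip())
        if not m:
            continue  # not a raw audit record (e.g. sealert prose)
        rtype, ts, serial, body = m.groups()
        fields = {k: v.strip('"') for k, v in FIELD.findall(body)}
        if rtype == "AVC":
            perms = PERMS.search(body)
            fields["perms"] = perms.group(1).split() if perms else []
        events.setdefault(f"{ts}:{serial}", {})[rtype] = fields
    return events

def summarize_denials(text):
    """One dict per AVC denial, joined to the SYSCALL record of the same event."""
    out = []
    for event_id, recs in parse_events(text).items():
        avc, sc = recs.get("AVC"), recs.get("SYSCALL", {})
        if avc is None or not avc["perms"]:
            continue
        out.append({"event": event_id, "perms": avc["perms"], "tclass": avc.get("tclass"),
                    "source_type": selinux_type(avc.get("scontext")),
                    "target_type": selinux_type(avc.get("tcontext")),
                    "exe": sc.get("exe"), "syscall": sc.get("syscall"), "exit": sc.get("exit")})
    return out

def allow_rule(d):
    """Policy rule that granting this denial would amount to, for review before loading."""
    target = "self" if d["source_type"] == d["target_type"] else d["target_type"]
    perms = d["perms"][0] if len(d["perms"]) == 1 else "{ " + " ".join(d["perms"]) + " }"
    return f"allow {d['source_type']} {target}:{d['tclass']} {perms};"
```

On the records above this pairs the `setgid` denial with the failed `setgroups` call (`exit=EPERM`), which is the `errno: 1` that `mysqld_safe_helper` logs.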
Issue Links
- relates to MDEV-11789 MariaDB fails to restart after 10.0.29-1.el7 update (Closed)
So, do you have /usr/sbin/semodule executable? What happens if you run