When using the 'mariadb-server' policy (files in /usr/share/mysql/policy/selinux from the MariaDB-server package):
- mariadb-server.fc file gives type mysqld_safe_exec_t to /usr/bin/wsrep_* scripts
- mariadb-server.te file makes no use of it, but allows needed calls for bin_t
Right after packages install, /usr/bin/wsrep_* have type bin_t so Galera SST can be performed successfully.
But after relabeling/restorecon, SST scripts get their mysqld_safe_exec_t type and Galera SST no longer works, showing denials like this:
Could the attached patch represent the initial goal with labeling SST scripts as mysqld_safe_exec_t?