Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-16718

Job for mariadb.service failed because the control process exited with error code.

Details

    • Bug
    • Status: Closed (View Workflow)
    • Major
    • Resolution: Duplicate
    • 10.2.16
    • N/A
    • N/A
    • Fedora Linux

    Description

      Hi All,

      I haven't seen this issue pop up yet anywhere except for notifications about multiple instances of MariaDB could be installed, but that's not the case in this specific issue.

      On a clean installation of Fedora 28 when installing MariaDB server from the official repository it fails to start after the installation.

      Installed packages

      rpm -qa | grep -i maria
      MariaDB-server-10.2.16-1.fc28.x86_64
      MariaDB-common-10.2.16-1.fc28.x86_64
      MariaDB-client-10.2.16-1.fc28.x86_64
       
      dnf list installed | grep -i maria
      MariaDB-client.x86_64                      10.2.16-1.fc28               @mariadb
      MariaDB-common.x86_64                      10.2.16-1.fc28               @mariadb
      MariaDB-server.x86_64                      10.2.16-1.fc28               @mariadb
      

      It seems to have to do with selinux policies, when I set selinux to permissive it's able to start the MariaDB server process without any issues.

      I was able to reproduce this on a plain netinstall of Fedora28.

      Jul 10 12:44:54 fedora28 systemd[1]: Starting MariaDB 10.2.16 database server...
      Jul 10 12:44:54 fedora28 audit[31938]: AVC avc:  denied  { nnp_transition } for  pid=31938 comm="(mysqld)" scontext=system_u:system_r:init_t:s0 tcontext=system_u:system_r:mysqld_t:s0 tclass=process2 permissive=0
      Jul 10 12:44:54 fedora28 audit: SELINUX_ERR op=security_bounded_transition seresult=denied oldcontext=system_u:system_r:init_t:s0 newcontext=system_u:system_r:mysqld_t:s0
      Jul 10 12:44:54 fedora28 mysqld[31938]: 2018-07-10 12:44:54 140492999485696 [Note] /usr/sbin/mysqld (mysqld 10.2.16-MariaDB) starting as process 31938 ...
      Jul 10 12:44:54 fedora28 mysqld[31938]: 2018-07-10 12:44:54 140492999485696 [Warning] Can't create test file /var/lib/mysql/fedora28.lower-test
      Jul 10 12:44:54 fedora28 audit[31938]: AVC avc:  denied  { write } for  pid=31938 comm="mysqld" name="mysql" dev="dm-0" ino=811203 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:mysqld_db_t:s0 tclass=dir permissive=0
      Jul 10 12:44:55 fedora28 audit[31938]: AVC avc:  denied  { read } for  pid=31938 comm="mysqld" name="plugin.frm" dev="dm-0" ino=806160 scontext=system_u:system_r:init_t:s0 tcontext=unconfined_u:object_r:mysqld_db_t:s0 tclass=file permissive=0
      Jul 10 12:44:55 fedora28 mysqld[31938]: 2018-07-10 12:44:55 140492999485696 [Note] InnoDB: Mutexes and rw_locks use GCC atomic builtins
      Jul 10 12:44:55 fedora28 mysqld[31938]: 2018-07-10 12:44:55 140492999485696 [Note] InnoDB: Uses event mutexes
      Jul 10 12:44:55 fedora28 mysqld[31938]: 2018-07-10 12:44:55 140492999485696 [Note] InnoDB: Compressed tables use zlib 1.2.11
      Jul 10 12:44:55 fedora28 mysqld[31938]: 2018-07-10 12:44:55 140492999485696 [Note] InnoDB: Using Linux native AIO
      Jul 10 12:44:55 fedora28 mysqld[31938]: 2018-07-10 12:44:55 140492999485696 [Note] InnoDB: Number of pools: 1
      Jul 10 12:44:55 fedora28 mysqld[31938]: 2018-07-10 12:44:55 140492999485696 [Note] InnoDB: Using SSE2 crc32 instructions
      Jul 10 12:44:55 fedora28 mysqld[31938]: 2018-07-10 12:44:55 140492999485696 [Note] InnoDB: Initializing buffer pool, total size = 128M, instances = 1, chunk size = 128M
      Jul 10 12:44:55 fedora28 mysqld[31938]: 2018-07-10 12:44:55 140492999485696 [Note] InnoDB: Completed initialization of buffer pool
      Jul 10 12:44:55 fedora28 mysqld[31938]: 2018-07-10 12:44:55 140492453046016 [Note] InnoDB: If the mysqld execution user is authorized, page cleaner thread priority can be changed. See the man page of setpriority().
      Jul 10 12:44:55 fedora28 audit[31938]: AVC avc:  denied  { getattr } for  pid=31938 comm="mysqld" path="/var/lib/mysql/ibdata1" dev="dm-0" ino=806137 scontext=system_u:system_r:init_t:s0 tcontext=unconfined_u:object_r:mysqld_db_t:s0 tclass=file permissive=0
      Jul 10 12:44:55 fedora28 mysqld[31938]: 2018-07-10 12:44:55 140492999485696 [ERROR] InnoDB: Operating system error number 13 in a file operation.
      Jul 10 12:44:55 fedora28 mysqld[31938]: 2018-07-10 12:44:55 140492999485696 [ERROR] InnoDB: The error means mysqld does not have the access rights to the directory.
      Jul 10 12:44:55 fedora28 mysqld[31938]: 2018-07-10 12:44:55 140492999485696 [ERROR] InnoDB: os_file_get_status() failed on './ibdata1'. Can't determine file permissions
      Jul 10 12:44:55 fedora28 mysqld[31938]: 2018-07-10 12:44:55 140492999485696 [ERROR] InnoDB: Plugin initialization aborted with error Generic error
      Jul 10 12:44:55 fedora28 mysqld[31938]: 2018-07-10 12:44:55 140492999485696 [Note] InnoDB: Starting shutdown...
      Jul 10 12:44:55 fedora28 mysqld[31938]: 2018-07-10 12:44:55 140492999485696 [ERROR] Plugin 'InnoDB' init function returned error.
      Jul 10 12:44:55 fedora28 mysqld[31938]: 2018-07-10 12:44:55 140492999485696 [ERROR] Plugin 'InnoDB' registration as a STORAGE ENGINE failed.
      Jul 10 12:44:55 fedora28 audit[31938]: AVC avc:  denied  { read write } for  pid=31938 comm="mysqld" name="aria_log_control" dev="dm-0" ino=806142 scontext=system_u:system_r:init_t:s0 tcontext=unconfined_u:object_r:mysqld_db_t:s0 tclass=file permissive=0
      Jul 10 12:44:55 fedora28 mysqld[31938]: 2018-07-10 12:44:55 140492999485696 [ERROR] mysqld: File '/var/lib/mysql/aria_log_control' not found (Errcode: 13 "Permission denied")
      Jul 10 12:44:55 fedora28 mysqld[31938]: 2018-07-10 12:44:55 140492999485696 [ERROR] mysqld: Got error 'Can't open file' when trying to use aria control file '/var/lib/mysql/aria_log_control'
      Jul 10 12:44:55 fedora28 mysqld[31938]: 2018-07-10 12:44:55 140492999485696 [ERROR] Plugin 'Aria' init function returned error.
      Jul 10 12:44:55 fedora28 mysqld[31938]: 2018-07-10 12:44:55 140492999485696 [ERROR] Plugin 'Aria' registration as a STORAGE ENGINE failed.
      Jul 10 12:44:55 fedora28 mysqld[31938]: 2018-07-10 12:44:55 140492999485696 [Note] Plugin 'FEEDBACK' is disabled.
      Jul 10 12:44:55 fedora28 audit[31938]: AVC avc:  denied  { read } for  pid=31938 comm="mysqld" name="plugin.frm" dev="dm-0" ino=806160 scontext=system_u:system_r:init_t:s0 tcontext=unconfined_u:object_r:mysqld_db_t:s0 tclass=file permissive=0
      Jul 10 12:44:55 fedora28 mysqld[31938]: 2018-07-10 12:44:55 140492999485696 [ERROR] Could not open mysql.plugin table. Some plugins may be not loaded
      Jul 10 12:44:55 fedora28 mysqld[31938]: 2018-07-10 12:44:55 140492999485696 [ERROR] Unknown/unsupported storage engine: InnoDB
      Jul 10 12:44:55 fedora28 mysqld[31938]: 2018-07-10 12:44:55 140492999485696 [ERROR] Aborting
      Jul 10 12:44:55 fedora28 systemd[1]: mariadb.service: Main process exited, code=exited, status=1/FAILURE
      Jul 10 12:44:55 fedora28 systemd[1]: mariadb.service: Failed with result 'exit-code'.
      Jul 10 12:44:55 fedora28 systemd[1]: Failed to start MariaDB 10.2.16 database server.
      Jul 10 12:44:55 fedora28 audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=mariadb comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=failed'
      

      *****  Plugin catchall (100. confidence) suggests   **************************
       
      If you believe that mysqld should be allowed read write access on the aria_log_control file by default.
      Then you should report this as a bug.
      You can generate a local policy module to allow this access.
      Do
      allow this access for now by executing:
      # ausearch -c 'mysqld' --raw | audit2allow -M my-mysqld
      # semodule -X 300 -i my-mysqld.pp
       
       
      Additional Information:
      Source Context                system_u:system_r:init_t:s0
      Target Context                unconfined_u:object_r:mysqld_db_t:s0
      Target Objects                aria_log_control [ file ]
      Source                        mysqld
      Source Path                   mysqld
      Port                          <Unknown>
      Host                          <Unknown>
      Source RPM Packages           
      Target RPM Packages           
      Policy RPM                    selinux-policy-3.14.1-32.fc28.noarch
      Selinux Enabled               True
      Policy Type                   targeted
      Enforcing Mode                Enforcing
      Host Name                     fedora28.afs.local
      Platform                      Linux fedora28 4.17.3-200.fc28.x86_64 #1
                                    SMP Tue Jun 26 14:17:07 UTC 2018 x86_64 x86_64
      Alert Count                   3
      First Seen                    2018-07-10 11:47:32 CEST
      Last Seen                     2018-07-10 13:23:30 CEST
      Local ID                      fe418f32-a09b-4648-ab58-0174f40d443b
       
      Raw Audit Messages
      type=AVC msg=audit(1531221810.99:421): avc:  denied  { read write } for  pid=1318 comm="mysqld" name="aria_log_control" dev="dm-0" ino=806142 scontext=system_u:system_r:init_t:s0 tcontext=unconfined_u:object_r:mysqld_db_t:s0 tclass=file permissive=0
       
       
      Hash: mysqld,init_t,mysqld_db_t,file,read,write
       
      [root@fedora28 ~]# ausearch -c 'mysqld' --raw | audit2allow -M my-mysqld
      ******************** IMPORTANT ***********************
      To make this policy package active, execute:
       
      semodule -i my-mysqld.pp
      

      Attachments

        Issue Links

          Activity

            evanberkum Edward van Berkum created issue -
            evanberkum Edward van Berkum made changes -
            Field Original Value New Value
            Description Hi All,

            I haven't seen this issue pop up yet anywhere except for notifications about multiple instances of MariaDB could be installed, but that's not the case in this specific issue.

            On a clean installation of Fedora 28 when installing MariaDB server from the official repository it fails to start after the installation.

            Installed packages
            rpm -qa | grep -i maria
            MariaDB-server-10.2.16-1.fc28.x86_64
            MariaDB-common-10.2.16-1.fc28.x86_64
            MariaDB-client-10.2.16-1.fc28.x86_64

            dnf list installed | grep -i maria
            MariaDB-client.x86_64 10.2.16-1.fc28 @mariadb
            MariaDB-common.x86_64 10.2.16-1.fc28 @mariadb
            MariaDB-server.x86_64 10.2.16-1.fc28 @mariadb

            It seems to have to do with selinux policies, when I set selinux to permissive it's able to start the MariaDB server process without any issues.

            I was able to reproduce this on a plain netinstall of Fedora28.

            Jul 10 12:44:54 fedora28 systemd[1]: Starting MariaDB 10.2.16 database server...
            Jul 10 12:44:54 fedora28 audit[31938]: AVC avc: denied { nnp_transition } for pid=31938 comm="(mysqld)" scontext=system_u:system_r:init_t:s0 tcontext=system_u:system_r:mysqld_t:s0 tclass=process2 permissive=0
            Jul 10 12:44:54 fedora28 audit: SELINUX_ERR op=security_bounded_transition seresult=denied oldcontext=system_u:system_r:init_t:s0 newcontext=system_u:system_r:mysqld_t:s0
            Jul 10 12:44:54 fedora28 mysqld[31938]: 2018-07-10 12:44:54 140492999485696 [Note] /usr/sbin/mysqld (mysqld 10.2.16-MariaDB) starting as process 31938 ...
            Jul 10 12:44:54 fedora28 mysqld[31938]: 2018-07-10 12:44:54 140492999485696 [Warning] Can't create test file /var/lib/mysql/fedora28.lower-test
            Jul 10 12:44:54 fedora28 audit[31938]: AVC avc: denied { write } for pid=31938 comm="mysqld" name="mysql" dev="dm-0" ino=811203 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:mysqld_db_t:s0 tclass=dir permissive=0
            Jul 10 12:44:55 fedora28 audit[31938]: AVC avc: denied { read } for pid=31938 comm="mysqld" name="plugin.frm" dev="dm-0" ino=806160 scontext=system_u:system_r:init_t:s0 tcontext=unconfined_u:object_r:mysqld_db_t:s0 tclass=file permissive=0
            Jul 10 12:44:55 fedora28 mysqld[31938]: 2018-07-10 12:44:55 140492999485696 [Note] InnoDB: Mutexes and rw_locks use GCC atomic builtins
            Jul 10 12:44:55 fedora28 mysqld[31938]: 2018-07-10 12:44:55 140492999485696 [Note] InnoDB: Uses event mutexes
            Jul 10 12:44:55 fedora28 mysqld[31938]: 2018-07-10 12:44:55 140492999485696 [Note] InnoDB: Compressed tables use zlib 1.2.11
            Jul 10 12:44:55 fedora28 mysqld[31938]: 2018-07-10 12:44:55 140492999485696 [Note] InnoDB: Using Linux native AIO
            Jul 10 12:44:55 fedora28 mysqld[31938]: 2018-07-10 12:44:55 140492999485696 [Note] InnoDB: Number of pools: 1
            Jul 10 12:44:55 fedora28 mysqld[31938]: 2018-07-10 12:44:55 140492999485696 [Note] InnoDB: Using SSE2 crc32 instructions
            Jul 10 12:44:55 fedora28 mysqld[31938]: 2018-07-10 12:44:55 140492999485696 [Note] InnoDB: Initializing buffer pool, total size = 128M, instances = 1, chunk size = 128M
            Jul 10 12:44:55 fedora28 mysqld[31938]: 2018-07-10 12:44:55 140492999485696 [Note] InnoDB: Completed initialization of buffer pool
            Jul 10 12:44:55 fedora28 mysqld[31938]: 2018-07-10 12:44:55 140492453046016 [Note] InnoDB: If the mysqld execution user is authorized, page cleaner thread priority can be changed. See the man page of setpriority().
            Jul 10 12:44:55 fedora28 audit[31938]: AVC avc: denied { getattr } for pid=31938 comm="mysqld" path="/var/lib/mysql/ibdata1" dev="dm-0" ino=806137 scontext=system_u:system_r:init_t:s0 tcontext=unconfined_u:object_r:mysqld_db_t:s0 tclass=file permissive=0
            Jul 10 12:44:55 fedora28 mysqld[31938]: 2018-07-10 12:44:55 140492999485696 [ERROR] InnoDB: Operating system error number 13 in a file operation.
            Jul 10 12:44:55 fedora28 mysqld[31938]: 2018-07-10 12:44:55 140492999485696 [ERROR] InnoDB: The error means mysqld does not have the access rights to the directory.
            Jul 10 12:44:55 fedora28 mysqld[31938]: 2018-07-10 12:44:55 140492999485696 [ERROR] InnoDB: os_file_get_status() failed on './ibdata1'. Can't determine file permissions
            Jul 10 12:44:55 fedora28 mysqld[31938]: 2018-07-10 12:44:55 140492999485696 [ERROR] InnoDB: Plugin initialization aborted with error Generic error
            Jul 10 12:44:55 fedora28 mysqld[31938]: 2018-07-10 12:44:55 140492999485696 [Note] InnoDB: Starting shutdown...
            Jul 10 12:44:55 fedora28 mysqld[31938]: 2018-07-10 12:44:55 140492999485696 [ERROR] Plugin 'InnoDB' init function returned error.
            Jul 10 12:44:55 fedora28 mysqld[31938]: 2018-07-10 12:44:55 140492999485696 [ERROR] Plugin 'InnoDB' registration as a STORAGE ENGINE failed.
            Jul 10 12:44:55 fedora28 audit[31938]: AVC avc: denied { read write } for pid=31938 comm="mysqld" name="aria_log_control" dev="dm-0" ino=806142 scontext=system_u:system_r:init_t:s0 tcontext=unconfined_u:object_r:mysqld_db_t:s0 tclass=file permissive=0
            Jul 10 12:44:55 fedora28 mysqld[31938]: 2018-07-10 12:44:55 140492999485696 [ERROR] mysqld: File '/var/lib/mysql/aria_log_control' not found (Errcode: 13 "Permission denied")
            Jul 10 12:44:55 fedora28 mysqld[31938]: 2018-07-10 12:44:55 140492999485696 [ERROR] mysqld: Got error 'Can't open file' when trying to use aria control file '/var/lib/mysql/aria_log_control'
            Jul 10 12:44:55 fedora28 mysqld[31938]: 2018-07-10 12:44:55 140492999485696 [ERROR] Plugin 'Aria' init function returned error.
            Jul 10 12:44:55 fedora28 mysqld[31938]: 2018-07-10 12:44:55 140492999485696 [ERROR] Plugin 'Aria' registration as a STORAGE ENGINE failed.
            Jul 10 12:44:55 fedora28 mysqld[31938]: 2018-07-10 12:44:55 140492999485696 [Note] Plugin 'FEEDBACK' is disabled.
            Jul 10 12:44:55 fedora28 audit[31938]: AVC avc: denied { read } for pid=31938 comm="mysqld" name="plugin.frm" dev="dm-0" ino=806160 scontext=system_u:system_r:init_t:s0 tcontext=unconfined_u:object_r:mysqld_db_t:s0 tclass=file permissive=0
            Jul 10 12:44:55 fedora28 mysqld[31938]: 2018-07-10 12:44:55 140492999485696 [ERROR] Could not open mysql.plugin table. Some plugins may be not loaded
            Jul 10 12:44:55 fedora28 mysqld[31938]: 2018-07-10 12:44:55 140492999485696 [ERROR] Unknown/unsupported storage engine: InnoDB
            Jul 10 12:44:55 fedora28 mysqld[31938]: 2018-07-10 12:44:55 140492999485696 [ERROR] Aborting
            Jul 10 12:44:55 fedora28 systemd[1]: mariadb.service: Main process exited, code=exited, status=1/FAILURE
            Jul 10 12:44:55 fedora28 systemd[1]: mariadb.service: Failed with result 'exit-code'.
            Jul 10 12:44:55 fedora28 systemd[1]: Failed to start MariaDB 10.2.16 database server.
            Jul 10 12:44:55 fedora28 audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=mariadb comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=failed'

            Hi All,

            I haven't seen this issue pop up yet anywhere except for notifications about multiple instances of MariaDB could be installed, but that's not the case in this specific issue.

            On a clean installation of Fedora 28 when installing MariaDB server from the official repository it fails to start after the installation.

            Installed packages
            rpm -qa | grep -i maria
            MariaDB-server-10.2.16-1.fc28.x86_64
            MariaDB-common-10.2.16-1.fc28.x86_64
            MariaDB-client-10.2.16-1.fc28.x86_64

            dnf list installed | grep -i maria
            MariaDB-client.x86_64 10.2.16-1.fc28 @mariadb
            MariaDB-common.x86_64 10.2.16-1.fc28 @mariadb
            MariaDB-server.x86_64 10.2.16-1.fc28 @mariadb

            It seems to have to do with selinux policies, when I set selinux to permissive it's able to start the MariaDB server process without any issues.

            I was able to reproduce this on a plain netinstall of Fedora28.

            Jul 10 12:44:54 fedora28 systemd[1]: Starting MariaDB 10.2.16 database server...
            Jul 10 12:44:54 fedora28 audit[31938]: AVC avc: denied { nnp_transition } for pid=31938 comm="(mysqld)" scontext=system_u:system_r:init_t:s0 tcontext=system_u:system_r:mysqld_t:s0 tclass=process2 permissive=0
            Jul 10 12:44:54 fedora28 audit: SELINUX_ERR op=security_bounded_transition seresult=denied oldcontext=system_u:system_r:init_t:s0 newcontext=system_u:system_r:mysqld_t:s0
            Jul 10 12:44:54 fedora28 mysqld[31938]: 2018-07-10 12:44:54 140492999485696 [Note] /usr/sbin/mysqld (mysqld 10.2.16-MariaDB) starting as process 31938 ...
            Jul 10 12:44:54 fedora28 mysqld[31938]: 2018-07-10 12:44:54 140492999485696 [Warning] Can't create test file /var/lib/mysql/fedora28.lower-test
            Jul 10 12:44:54 fedora28 audit[31938]: AVC avc: denied { write } for pid=31938 comm="mysqld" name="mysql" dev="dm-0" ino=811203 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:mysqld_db_t:s0 tclass=dir permissive=0
            Jul 10 12:44:55 fedora28 audit[31938]: AVC avc: denied { read } for pid=31938 comm="mysqld" name="plugin.frm" dev="dm-0" ino=806160 scontext=system_u:system_r:init_t:s0 tcontext=unconfined_u:object_r:mysqld_db_t:s0 tclass=file permissive=0
            Jul 10 12:44:55 fedora28 mysqld[31938]: 2018-07-10 12:44:55 140492999485696 [Note] InnoDB: Mutexes and rw_locks use GCC atomic builtins
            Jul 10 12:44:55 fedora28 mysqld[31938]: 2018-07-10 12:44:55 140492999485696 [Note] InnoDB: Uses event mutexes
            Jul 10 12:44:55 fedora28 mysqld[31938]: 2018-07-10 12:44:55 140492999485696 [Note] InnoDB: Compressed tables use zlib 1.2.11
            Jul 10 12:44:55 fedora28 mysqld[31938]: 2018-07-10 12:44:55 140492999485696 [Note] InnoDB: Using Linux native AIO
            Jul 10 12:44:55 fedora28 mysqld[31938]: 2018-07-10 12:44:55 140492999485696 [Note] InnoDB: Number of pools: 1
            Jul 10 12:44:55 fedora28 mysqld[31938]: 2018-07-10 12:44:55 140492999485696 [Note] InnoDB: Using SSE2 crc32 instructions
            Jul 10 12:44:55 fedora28 mysqld[31938]: 2018-07-10 12:44:55 140492999485696 [Note] InnoDB: Initializing buffer pool, total size = 128M, instances = 1, chunk size = 128M
            Jul 10 12:44:55 fedora28 mysqld[31938]: 2018-07-10 12:44:55 140492999485696 [Note] InnoDB: Completed initialization of buffer pool
            Jul 10 12:44:55 fedora28 mysqld[31938]: 2018-07-10 12:44:55 140492453046016 [Note] InnoDB: If the mysqld execution user is authorized, page cleaner thread priority can be changed. See the man page of setpriority().
            Jul 10 12:44:55 fedora28 audit[31938]: AVC avc: denied { getattr } for pid=31938 comm="mysqld" path="/var/lib/mysql/ibdata1" dev="dm-0" ino=806137 scontext=system_u:system_r:init_t:s0 tcontext=unconfined_u:object_r:mysqld_db_t:s0 tclass=file permissive=0
            Jul 10 12:44:55 fedora28 mysqld[31938]: 2018-07-10 12:44:55 140492999485696 [ERROR] InnoDB: Operating system error number 13 in a file operation.
            Jul 10 12:44:55 fedora28 mysqld[31938]: 2018-07-10 12:44:55 140492999485696 [ERROR] InnoDB: The error means mysqld does not have the access rights to the directory.
            Jul 10 12:44:55 fedora28 mysqld[31938]: 2018-07-10 12:44:55 140492999485696 [ERROR] InnoDB: os_file_get_status() failed on './ibdata1'. Can't determine file permissions
            Jul 10 12:44:55 fedora28 mysqld[31938]: 2018-07-10 12:44:55 140492999485696 [ERROR] InnoDB: Plugin initialization aborted with error Generic error
            Jul 10 12:44:55 fedora28 mysqld[31938]: 2018-07-10 12:44:55 140492999485696 [Note] InnoDB: Starting shutdown...
            Jul 10 12:44:55 fedora28 mysqld[31938]: 2018-07-10 12:44:55 140492999485696 [ERROR] Plugin 'InnoDB' init function returned error.
            Jul 10 12:44:55 fedora28 mysqld[31938]: 2018-07-10 12:44:55 140492999485696 [ERROR] Plugin 'InnoDB' registration as a STORAGE ENGINE failed.
            Jul 10 12:44:55 fedora28 audit[31938]: AVC avc: denied { read write } for pid=31938 comm="mysqld" name="aria_log_control" dev="dm-0" ino=806142 scontext=system_u:system_r:init_t:s0 tcontext=unconfined_u:object_r:mysqld_db_t:s0 tclass=file permissive=0
            Jul 10 12:44:55 fedora28 mysqld[31938]: 2018-07-10 12:44:55 140492999485696 [ERROR] mysqld: File '/var/lib/mysql/aria_log_control' not found (Errcode: 13 "Permission denied")
            Jul 10 12:44:55 fedora28 mysqld[31938]: 2018-07-10 12:44:55 140492999485696 [ERROR] mysqld: Got error 'Can't open file' when trying to use aria control file '/var/lib/mysql/aria_log_control'
            Jul 10 12:44:55 fedora28 mysqld[31938]: 2018-07-10 12:44:55 140492999485696 [ERROR] Plugin 'Aria' init function returned error.
            Jul 10 12:44:55 fedora28 mysqld[31938]: 2018-07-10 12:44:55 140492999485696 [ERROR] Plugin 'Aria' registration as a STORAGE ENGINE failed.
            Jul 10 12:44:55 fedora28 mysqld[31938]: 2018-07-10 12:44:55 140492999485696 [Note] Plugin 'FEEDBACK' is disabled.
            Jul 10 12:44:55 fedora28 audit[31938]: AVC avc: denied { read } for pid=31938 comm="mysqld" name="plugin.frm" dev="dm-0" ino=806160 scontext=system_u:system_r:init_t:s0 tcontext=unconfined_u:object_r:mysqld_db_t:s0 tclass=file permissive=0
            Jul 10 12:44:55 fedora28 mysqld[31938]: 2018-07-10 12:44:55 140492999485696 [ERROR] Could not open mysql.plugin table. Some plugins may be not loaded
            Jul 10 12:44:55 fedora28 mysqld[31938]: 2018-07-10 12:44:55 140492999485696 [ERROR] Unknown/unsupported storage engine: InnoDB
            Jul 10 12:44:55 fedora28 mysqld[31938]: 2018-07-10 12:44:55 140492999485696 [ERROR] Aborting
            Jul 10 12:44:55 fedora28 systemd[1]: mariadb.service: Main process exited, code=exited, status=1/FAILURE
            Jul 10 12:44:55 fedora28 systemd[1]: mariadb.service: Failed with result 'exit-code'.
            Jul 10 12:44:55 fedora28 systemd[1]: Failed to start MariaDB 10.2.16 database server.
            Jul 10 12:44:55 fedora28 audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=mariadb comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=failed'

            ***** Plugin catchall (100. confidence) suggests **************************

            If you believe that mysqld should be allowed read write access on the aria_log_control file by default.
            Then you should report this as a bug.
            You can generate a local policy module to allow this access.
            Do
            allow this access for now by executing:
            # ausearch -c 'mysqld' --raw | audit2allow -M my-mysqld
            # semodule -X 300 -i my-mysqld.pp


            Additional Information:
            Source Context system_u:system_r:init_t:s0
            Target Context unconfined_u:object_r:mysqld_db_t:s0
            Target Objects aria_log_control [ file ]
            Source mysqld
            Source Path mysqld
            Port <Unknown>
            Host <Unknown>
            Source RPM Packages
            Target RPM Packages
            Policy RPM selinux-policy-3.14.1-32.fc28.noarch
            Selinux Enabled True
            Policy Type targeted
            Enforcing Mode Enforcing
            Host Name fedora28.afs.local
            Platform Linux fedora28 4.17.3-200.fc28.x86_64 #1
                                          SMP Tue Jun 26 14:17:07 UTC 2018 x86_64 x86_64
            Alert Count 3
            First Seen 2018-07-10 11:47:32 CEST
            Last Seen 2018-07-10 13:23:30 CEST
            Local ID fe418f32-a09b-4648-ab58-0174f40d443b

            Raw Audit Messages
            type=AVC msg=audit(1531221810.99:421): avc: denied { read write } for pid=1318 comm="mysqld" name="aria_log_control" dev="dm-0" ino=806142 scontext=system_u:system_r:init_t:s0 tcontext=unconfined_u:object_r:mysqld_db_t:s0 tclass=file permissive=0


            Hash: mysqld,init_t,mysqld_db_t,file,read,write

            [root@fedora28 ~]# ausearch -c 'mysqld' --raw | audit2allow -M my-mysqld
            ******************** IMPORTANT ***********************
            To make this policy package active, execute:

            semodule -i my-mysqld.pp


            elenst Elena Stepanova made changes -
            Description Hi All,

            I haven't seen this issue pop up yet anywhere except for notifications about multiple instances of MariaDB could be installed, but that's not the case in this specific issue.

            On a clean installation of Fedora 28 when installing MariaDB server from the official repository it fails to start after the installation.

            Installed packages
            rpm -qa | grep -i maria
            MariaDB-server-10.2.16-1.fc28.x86_64
            MariaDB-common-10.2.16-1.fc28.x86_64
            MariaDB-client-10.2.16-1.fc28.x86_64

            dnf list installed | grep -i maria
            MariaDB-client.x86_64 10.2.16-1.fc28 @mariadb
            MariaDB-common.x86_64 10.2.16-1.fc28 @mariadb
            MariaDB-server.x86_64 10.2.16-1.fc28 @mariadb

            It seems to have to do with selinux policies, when I set selinux to permissive it's able to start the MariaDB server process without any issues.

            I was able to reproduce this on a plain netinstall of Fedora28.

            Jul 10 12:44:54 fedora28 systemd[1]: Starting MariaDB 10.2.16 database server...
            Jul 10 12:44:54 fedora28 audit[31938]: AVC avc: denied { nnp_transition } for pid=31938 comm="(mysqld)" scontext=system_u:system_r:init_t:s0 tcontext=system_u:system_r:mysqld_t:s0 tclass=process2 permissive=0
            Jul 10 12:44:54 fedora28 audit: SELINUX_ERR op=security_bounded_transition seresult=denied oldcontext=system_u:system_r:init_t:s0 newcontext=system_u:system_r:mysqld_t:s0
            Jul 10 12:44:54 fedora28 mysqld[31938]: 2018-07-10 12:44:54 140492999485696 [Note] /usr/sbin/mysqld (mysqld 10.2.16-MariaDB) starting as process 31938 ...
            Jul 10 12:44:54 fedora28 mysqld[31938]: 2018-07-10 12:44:54 140492999485696 [Warning] Can't create test file /var/lib/mysql/fedora28.lower-test
            Jul 10 12:44:54 fedora28 audit[31938]: AVC avc: denied { write } for pid=31938 comm="mysqld" name="mysql" dev="dm-0" ino=811203 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:mysqld_db_t:s0 tclass=dir permissive=0
            Jul 10 12:44:55 fedora28 audit[31938]: AVC avc: denied { read } for pid=31938 comm="mysqld" name="plugin.frm" dev="dm-0" ino=806160 scontext=system_u:system_r:init_t:s0 tcontext=unconfined_u:object_r:mysqld_db_t:s0 tclass=file permissive=0
            Jul 10 12:44:55 fedora28 mysqld[31938]: 2018-07-10 12:44:55 140492999485696 [Note] InnoDB: Mutexes and rw_locks use GCC atomic builtins
            Jul 10 12:44:55 fedora28 mysqld[31938]: 2018-07-10 12:44:55 140492999485696 [Note] InnoDB: Uses event mutexes
            Jul 10 12:44:55 fedora28 mysqld[31938]: 2018-07-10 12:44:55 140492999485696 [Note] InnoDB: Compressed tables use zlib 1.2.11
            Jul 10 12:44:55 fedora28 mysqld[31938]: 2018-07-10 12:44:55 140492999485696 [Note] InnoDB: Using Linux native AIO
            Jul 10 12:44:55 fedora28 mysqld[31938]: 2018-07-10 12:44:55 140492999485696 [Note] InnoDB: Number of pools: 1
            Jul 10 12:44:55 fedora28 mysqld[31938]: 2018-07-10 12:44:55 140492999485696 [Note] InnoDB: Using SSE2 crc32 instructions
            Jul 10 12:44:55 fedora28 mysqld[31938]: 2018-07-10 12:44:55 140492999485696 [Note] InnoDB: Initializing buffer pool, total size = 128M, instances = 1, chunk size = 128M
            Jul 10 12:44:55 fedora28 mysqld[31938]: 2018-07-10 12:44:55 140492999485696 [Note] InnoDB: Completed initialization of buffer pool
            Jul 10 12:44:55 fedora28 mysqld[31938]: 2018-07-10 12:44:55 140492453046016 [Note] InnoDB: If the mysqld execution user is authorized, page cleaner thread priority can be changed. See the man page of setpriority().
            Jul 10 12:44:55 fedora28 audit[31938]: AVC avc: denied { getattr } for pid=31938 comm="mysqld" path="/var/lib/mysql/ibdata1" dev="dm-0" ino=806137 scontext=system_u:system_r:init_t:s0 tcontext=unconfined_u:object_r:mysqld_db_t:s0 tclass=file permissive=0
            Jul 10 12:44:55 fedora28 mysqld[31938]: 2018-07-10 12:44:55 140492999485696 [ERROR] InnoDB: Operating system error number 13 in a file operation.
            Jul 10 12:44:55 fedora28 mysqld[31938]: 2018-07-10 12:44:55 140492999485696 [ERROR] InnoDB: The error means mysqld does not have the access rights to the directory.
            Jul 10 12:44:55 fedora28 mysqld[31938]: 2018-07-10 12:44:55 140492999485696 [ERROR] InnoDB: os_file_get_status() failed on './ibdata1'. Can't determine file permissions
            Jul 10 12:44:55 fedora28 mysqld[31938]: 2018-07-10 12:44:55 140492999485696 [ERROR] InnoDB: Plugin initialization aborted with error Generic error
            Jul 10 12:44:55 fedora28 mysqld[31938]: 2018-07-10 12:44:55 140492999485696 [Note] InnoDB: Starting shutdown...
            Jul 10 12:44:55 fedora28 mysqld[31938]: 2018-07-10 12:44:55 140492999485696 [ERROR] Plugin 'InnoDB' init function returned error.
            Jul 10 12:44:55 fedora28 mysqld[31938]: 2018-07-10 12:44:55 140492999485696 [ERROR] Plugin 'InnoDB' registration as a STORAGE ENGINE failed.
            Jul 10 12:44:55 fedora28 audit[31938]: AVC avc: denied { read write } for pid=31938 comm="mysqld" name="aria_log_control" dev="dm-0" ino=806142 scontext=system_u:system_r:init_t:s0 tcontext=unconfined_u:object_r:mysqld_db_t:s0 tclass=file permissive=0
            Jul 10 12:44:55 fedora28 mysqld[31938]: 2018-07-10 12:44:55 140492999485696 [ERROR] mysqld: File '/var/lib/mysql/aria_log_control' not found (Errcode: 13 "Permission denied")
            Jul 10 12:44:55 fedora28 mysqld[31938]: 2018-07-10 12:44:55 140492999485696 [ERROR] mysqld: Got error 'Can't open file' when trying to use aria control file '/var/lib/mysql/aria_log_control'
            Jul 10 12:44:55 fedora28 mysqld[31938]: 2018-07-10 12:44:55 140492999485696 [ERROR] Plugin 'Aria' init function returned error.
            Jul 10 12:44:55 fedora28 mysqld[31938]: 2018-07-10 12:44:55 140492999485696 [ERROR] Plugin 'Aria' registration as a STORAGE ENGINE failed.
            Jul 10 12:44:55 fedora28 mysqld[31938]: 2018-07-10 12:44:55 140492999485696 [Note] Plugin 'FEEDBACK' is disabled.
            Jul 10 12:44:55 fedora28 audit[31938]: AVC avc: denied { read } for pid=31938 comm="mysqld" name="plugin.frm" dev="dm-0" ino=806160 scontext=system_u:system_r:init_t:s0 tcontext=unconfined_u:object_r:mysqld_db_t:s0 tclass=file permissive=0
            Jul 10 12:44:55 fedora28 mysqld[31938]: 2018-07-10 12:44:55 140492999485696 [ERROR] Could not open mysql.plugin table. Some plugins may be not loaded
            Jul 10 12:44:55 fedora28 mysqld[31938]: 2018-07-10 12:44:55 140492999485696 [ERROR] Unknown/unsupported storage engine: InnoDB
            Jul 10 12:44:55 fedora28 mysqld[31938]: 2018-07-10 12:44:55 140492999485696 [ERROR] Aborting
            Jul 10 12:44:55 fedora28 systemd[1]: mariadb.service: Main process exited, code=exited, status=1/FAILURE
            Jul 10 12:44:55 fedora28 systemd[1]: mariadb.service: Failed with result 'exit-code'.
            Jul 10 12:44:55 fedora28 systemd[1]: Failed to start MariaDB 10.2.16 database server.
            Jul 10 12:44:55 fedora28 audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=mariadb comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=failed'

            ***** Plugin catchall (100. confidence) suggests **************************

            If you believe that mysqld should be allowed read write access on the aria_log_control file by default.
            Then you should report this as a bug.
            You can generate a local policy module to allow this access.
            Do
            allow this access for now by executing:
            # ausearch -c 'mysqld' --raw | audit2allow -M my-mysqld
            # semodule -X 300 -i my-mysqld.pp


            Additional Information:
            Source Context system_u:system_r:init_t:s0
            Target Context unconfined_u:object_r:mysqld_db_t:s0
            Target Objects aria_log_control [ file ]
            Source mysqld
            Source Path mysqld
            Port <Unknown>
            Host <Unknown>
            Source RPM Packages
            Target RPM Packages
            Policy RPM selinux-policy-3.14.1-32.fc28.noarch
            Selinux Enabled True
            Policy Type targeted
            Enforcing Mode Enforcing
            Host Name fedora28.afs.local
            Platform Linux fedora28 4.17.3-200.fc28.x86_64 #1
                                          SMP Tue Jun 26 14:17:07 UTC 2018 x86_64 x86_64
            Alert Count 3
            First Seen 2018-07-10 11:47:32 CEST
            Last Seen 2018-07-10 13:23:30 CEST
            Local ID fe418f32-a09b-4648-ab58-0174f40d443b

            Raw Audit Messages
            type=AVC msg=audit(1531221810.99:421): avc: denied { read write } for pid=1318 comm="mysqld" name="aria_log_control" dev="dm-0" ino=806142 scontext=system_u:system_r:init_t:s0 tcontext=unconfined_u:object_r:mysqld_db_t:s0 tclass=file permissive=0


            Hash: mysqld,init_t,mysqld_db_t,file,read,write

            [root@fedora28 ~]# ausearch -c 'mysqld' --raw | audit2allow -M my-mysqld
            ******************** IMPORTANT ***********************
            To make this policy package active, execute:

            semodule -i my-mysqld.pp


            Hi All,

            I haven't seen this issue pop up yet anywhere except for notifications about multiple instances of MariaDB could be installed, but that's not the case in this specific issue.

            On a clean installation of Fedora 28 when installing MariaDB server from the official repository it fails to start after the installation.

            Installed packages
            {noformat}
            rpm -qa | grep -i maria
            MariaDB-server-10.2.16-1.fc28.x86_64
            MariaDB-common-10.2.16-1.fc28.x86_64
            MariaDB-client-10.2.16-1.fc28.x86_64

            dnf list installed | grep -i maria
            MariaDB-client.x86_64 10.2.16-1.fc28 @mariadb
            MariaDB-common.x86_64 10.2.16-1.fc28 @mariadb
            MariaDB-server.x86_64 10.2.16-1.fc28 @mariadb
            {noformat}

            It seems to have to do with selinux policies, when I set selinux to permissive it's able to start the MariaDB server process without any issues.

            I was able to reproduce this on a plain netinstall of Fedora28.

            {noformat}
            Jul 10 12:44:54 fedora28 systemd[1]: Starting MariaDB 10.2.16 database server...
            Jul 10 12:44:54 fedora28 audit[31938]: AVC avc: denied { nnp_transition } for pid=31938 comm="(mysqld)" scontext=system_u:system_r:init_t:s0 tcontext=system_u:system_r:mysqld_t:s0 tclass=process2 permissive=0
            Jul 10 12:44:54 fedora28 audit: SELINUX_ERR op=security_bounded_transition seresult=denied oldcontext=system_u:system_r:init_t:s0 newcontext=system_u:system_r:mysqld_t:s0
            Jul 10 12:44:54 fedora28 mysqld[31938]: 2018-07-10 12:44:54 140492999485696 [Note] /usr/sbin/mysqld (mysqld 10.2.16-MariaDB) starting as process 31938 ...
            Jul 10 12:44:54 fedora28 mysqld[31938]: 2018-07-10 12:44:54 140492999485696 [Warning] Can't create test file /var/lib/mysql/fedora28.lower-test
            Jul 10 12:44:54 fedora28 audit[31938]: AVC avc: denied { write } for pid=31938 comm="mysqld" name="mysql" dev="dm-0" ino=811203 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:mysqld_db_t:s0 tclass=dir permissive=0
            Jul 10 12:44:55 fedora28 audit[31938]: AVC avc: denied { read } for pid=31938 comm="mysqld" name="plugin.frm" dev="dm-0" ino=806160 scontext=system_u:system_r:init_t:s0 tcontext=unconfined_u:object_r:mysqld_db_t:s0 tclass=file permissive=0
            Jul 10 12:44:55 fedora28 mysqld[31938]: 2018-07-10 12:44:55 140492999485696 [Note] InnoDB: Mutexes and rw_locks use GCC atomic builtins
            Jul 10 12:44:55 fedora28 mysqld[31938]: 2018-07-10 12:44:55 140492999485696 [Note] InnoDB: Uses event mutexes
            Jul 10 12:44:55 fedora28 mysqld[31938]: 2018-07-10 12:44:55 140492999485696 [Note] InnoDB: Compressed tables use zlib 1.2.11
            Jul 10 12:44:55 fedora28 mysqld[31938]: 2018-07-10 12:44:55 140492999485696 [Note] InnoDB: Using Linux native AIO
            Jul 10 12:44:55 fedora28 mysqld[31938]: 2018-07-10 12:44:55 140492999485696 [Note] InnoDB: Number of pools: 1
            Jul 10 12:44:55 fedora28 mysqld[31938]: 2018-07-10 12:44:55 140492999485696 [Note] InnoDB: Using SSE2 crc32 instructions
            Jul 10 12:44:55 fedora28 mysqld[31938]: 2018-07-10 12:44:55 140492999485696 [Note] InnoDB: Initializing buffer pool, total size = 128M, instances = 1, chunk size = 128M
            Jul 10 12:44:55 fedora28 mysqld[31938]: 2018-07-10 12:44:55 140492999485696 [Note] InnoDB: Completed initialization of buffer pool
            Jul 10 12:44:55 fedora28 mysqld[31938]: 2018-07-10 12:44:55 140492453046016 [Note] InnoDB: If the mysqld execution user is authorized, page cleaner thread priority can be changed. See the man page of setpriority().
            Jul 10 12:44:55 fedora28 audit[31938]: AVC avc: denied { getattr } for pid=31938 comm="mysqld" path="/var/lib/mysql/ibdata1" dev="dm-0" ino=806137 scontext=system_u:system_r:init_t:s0 tcontext=unconfined_u:object_r:mysqld_db_t:s0 tclass=file permissive=0
            Jul 10 12:44:55 fedora28 mysqld[31938]: 2018-07-10 12:44:55 140492999485696 [ERROR] InnoDB: Operating system error number 13 in a file operation.
            Jul 10 12:44:55 fedora28 mysqld[31938]: 2018-07-10 12:44:55 140492999485696 [ERROR] InnoDB: The error means mysqld does not have the access rights to the directory.
            Jul 10 12:44:55 fedora28 mysqld[31938]: 2018-07-10 12:44:55 140492999485696 [ERROR] InnoDB: os_file_get_status() failed on './ibdata1'. Can't determine file permissions
            Jul 10 12:44:55 fedora28 mysqld[31938]: 2018-07-10 12:44:55 140492999485696 [ERROR] InnoDB: Plugin initialization aborted with error Generic error
            Jul 10 12:44:55 fedora28 mysqld[31938]: 2018-07-10 12:44:55 140492999485696 [Note] InnoDB: Starting shutdown...
            Jul 10 12:44:55 fedora28 mysqld[31938]: 2018-07-10 12:44:55 140492999485696 [ERROR] Plugin 'InnoDB' init function returned error.
            Jul 10 12:44:55 fedora28 mysqld[31938]: 2018-07-10 12:44:55 140492999485696 [ERROR] Plugin 'InnoDB' registration as a STORAGE ENGINE failed.
            Jul 10 12:44:55 fedora28 audit[31938]: AVC avc: denied { read write } for pid=31938 comm="mysqld" name="aria_log_control" dev="dm-0" ino=806142 scontext=system_u:system_r:init_t:s0 tcontext=unconfined_u:object_r:mysqld_db_t:s0 tclass=file permissive=0
            Jul 10 12:44:55 fedora28 mysqld[31938]: 2018-07-10 12:44:55 140492999485696 [ERROR] mysqld: File '/var/lib/mysql/aria_log_control' not found (Errcode: 13 "Permission denied")
            Jul 10 12:44:55 fedora28 mysqld[31938]: 2018-07-10 12:44:55 140492999485696 [ERROR] mysqld: Got error 'Can't open file' when trying to use aria control file '/var/lib/mysql/aria_log_control'
            Jul 10 12:44:55 fedora28 mysqld[31938]: 2018-07-10 12:44:55 140492999485696 [ERROR] Plugin 'Aria' init function returned error.
            Jul 10 12:44:55 fedora28 mysqld[31938]: 2018-07-10 12:44:55 140492999485696 [ERROR] Plugin 'Aria' registration as a STORAGE ENGINE failed.
            Jul 10 12:44:55 fedora28 mysqld[31938]: 2018-07-10 12:44:55 140492999485696 [Note] Plugin 'FEEDBACK' is disabled.
            Jul 10 12:44:55 fedora28 audit[31938]: AVC avc: denied { read } for pid=31938 comm="mysqld" name="plugin.frm" dev="dm-0" ino=806160 scontext=system_u:system_r:init_t:s0 tcontext=unconfined_u:object_r:mysqld_db_t:s0 tclass=file permissive=0
            Jul 10 12:44:55 fedora28 mysqld[31938]: 2018-07-10 12:44:55 140492999485696 [ERROR] Could not open mysql.plugin table. Some plugins may be not loaded
            Jul 10 12:44:55 fedora28 mysqld[31938]: 2018-07-10 12:44:55 140492999485696 [ERROR] Unknown/unsupported storage engine: InnoDB
            Jul 10 12:44:55 fedora28 mysqld[31938]: 2018-07-10 12:44:55 140492999485696 [ERROR] Aborting
            Jul 10 12:44:55 fedora28 systemd[1]: mariadb.service: Main process exited, code=exited, status=1/FAILURE
            Jul 10 12:44:55 fedora28 systemd[1]: mariadb.service: Failed with result 'exit-code'.
            Jul 10 12:44:55 fedora28 systemd[1]: Failed to start MariaDB 10.2.16 database server.
            Jul 10 12:44:55 fedora28 audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=mariadb comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=failed'
            {noformat}
            {noformat}
            ***** Plugin catchall (100. confidence) suggests **************************

            If you believe that mysqld should be allowed read write access on the aria_log_control file by default.
            Then you should report this as a bug.
            You can generate a local policy module to allow this access.
            Do
            allow this access for now by executing:
            # ausearch -c 'mysqld' --raw | audit2allow -M my-mysqld
            # semodule -X 300 -i my-mysqld.pp


            Additional Information:
            Source Context system_u:system_r:init_t:s0
            Target Context unconfined_u:object_r:mysqld_db_t:s0
            Target Objects aria_log_control [ file ]
            Source mysqld
            Source Path mysqld
            Port <Unknown>
            Host <Unknown>
            Source RPM Packages
            Target RPM Packages
            Policy RPM selinux-policy-3.14.1-32.fc28.noarch
            Selinux Enabled True
            Policy Type targeted
            Enforcing Mode Enforcing
            Host Name fedora28.afs.local
            Platform Linux fedora28 4.17.3-200.fc28.x86_64 #1
                                          SMP Tue Jun 26 14:17:07 UTC 2018 x86_64 x86_64
            Alert Count 3
            First Seen 2018-07-10 11:47:32 CEST
            Last Seen 2018-07-10 13:23:30 CEST
            Local ID fe418f32-a09b-4648-ab58-0174f40d443b

            Raw Audit Messages
            type=AVC msg=audit(1531221810.99:421): avc: denied { read write } for pid=1318 comm="mysqld" name="aria_log_control" dev="dm-0" ino=806142 scontext=system_u:system_r:init_t:s0 tcontext=unconfined_u:object_r:mysqld_db_t:s0 tclass=file permissive=0


            Hash: mysqld,init_t,mysqld_db_t,file,read,write

            [root@fedora28 ~]# ausearch -c 'mysqld' --raw | audit2allow -M my-mysqld
            ******************** IMPORTANT ***********************
            To make this policy package active, execute:

            semodule -i my-mysqld.pp
            {noformat}

            Our documentation has some points regarding SELinux configuration, did you check them?
            https://mariadb.com/kb/en/library/what-to-do-if-mariadb-doesnt-start/#selinux

            elenst Elena Stepanova added a comment - Our documentation has some points regarding SELinux configuration, did you check them? https://mariadb.com/kb/en/library/what-to-do-if-mariadb-doesnt-start/#selinux
            elenst Elena Stepanova made changes -
            Epic/Theme server
            elenst Elena Stepanova made changes -
            Labels crash crash need_feedback

            Hi Elena,

            I did, and obviously I can fix it by setting mysql service to permissive or set selinux to permissive.
            Or even with sealert and create a semodule.
            But there is something in the default selinux policies which is causing this, I only have this on the MariaDB repository ( for 10.2 and 10.3 ).

            When I get the MariaDB-server from the fedora repositories I don't have these issues and everything starts fine.
            The MariaDB version with selinux in permissive mode does work.

            For what I've tested on CentOS 7.4 this isn't an issue either.

            evanberkum Edward van Berkum added a comment - Hi Elena, I did, and obviously I can fix it by setting mysql service to permissive or set selinux to permissive. Or even with sealert and create a semodule. But there is something in the default selinux policies which is causing this, I only have this on the MariaDB repository ( for 10.2 and 10.3 ). When I get the MariaDB-server from the fedora repositories I don't have these issues and everything starts fine. The MariaDB version with selinux in permissive mode does work. For what I've tested on CentOS 7.4 this isn't an issue either.
            elenst Elena Stepanova made changes -
            Labels crash need_feedback crash
            elenst Elena Stepanova made changes -
            Labels crash selinux
            elenst Elena Stepanova made changes -
            Fix Version/s 10.2 [ 14601 ]
            Assignee Vicentiu Ciorbaru [ cvicentiu ]

            I may confirm that issue, encountered on clean installation of Fedora 27 when installing MariaDB 10.2; with installation on CentOS 7.4 there wasn't indeed such issue .

            winstone Zdravelina Sokolovska (Inactive) added a comment - I may confirm that issue, encountered on clean installation of Fedora 27 when installing MariaDB 10.2; with installation on CentOS 7.4 there wasn't indeed such issue .
            serg Sergei Golubchik made changes -
            Labels selinux selinux systemd
            serg Sergei Golubchik made changes -
            Assignee Vicentiu Ciorbaru [ cvicentiu ] Axel Schwenke [ axel ]
            axel Axel Schwenke made changes -
            Assignee Axel Schwenke [ axel ] Daniel Black [ danblack ]
            serg Sergei Golubchik made changes -
            Workflow MariaDB v3 [ 88335 ] MariaDB v4 [ 140857 ]
            danblack Daniel Black added a comment -

            The system_u:system_r:init_t:s0 content and nnp AVC error seem that this is a duplicate of MDEV-10404.

            NoNewPrivileges=true was reverted there, so shouldn't be a problem any more.

            danblack Daniel Black added a comment - The system_u:system_r:init_t:s0 content and nnp AVC error seem that this is a duplicate of MDEV-10404 . NoNewPrivileges=true was reverted there, so shouldn't be a problem any more.
            danblack Daniel Black made changes -
            danblack Daniel Black made changes -
            issue.field.resolutiondate 2023-07-18 01:42:54.0 2023-07-18 01:42:54.969
            danblack Daniel Black made changes -
            Component/s N/A [ 14411 ]
            Component/s Server [ 13907 ]
            Fix Version/s N/A [ 14700 ]
            Fix Version/s 10.2 [ 14601 ]
            Resolution Duplicate [ 3 ]
            Status Open [ 1 ] Closed [ 6 ]

            People

              danblack Daniel Black
              evanberkum Edward van Berkum
              Votes:
              1 Vote for this issue
              Watchers:
              7 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Git Integration

                  Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.