Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-16718

Job for mariadb.service failed because the control process exited with error code.

    XMLWordPrintable

Details

    • Bug
    • Status: Closed (View Workflow)
    • Major
    • Resolution: Duplicate
    • 10.2.16
    • N/A
    • N/A
    • Fedora Linux

    Description

      Hi All,

      I haven't seen this issue pop up yet anywhere except for notifications about multiple instances of MariaDB could be installed, but that's not the case in this specific issue.

      On a clean installation of Fedora 28 when installing MariaDB server from the official repository it fails to start after the installation.

      Installed packages

      rpm -qa | grep -i maria
      		 
      MariaDB-server-10.2.16-1.fc28.x86_64
      		 
      MariaDB-common-10.2.16-1.fc28.x86_64
      		 
      MariaDB-client-10.2.16-1.fc28.x86_64
      		 
       
      		 
      dnf list installed | grep -i maria
      		 
      MariaDB-client.x86_64                      10.2.16-1.fc28               @mariadb
      		 
      MariaDB-common.x86_64                      10.2.16-1.fc28               @mariadb
      		 
      MariaDB-server.x86_64                      10.2.16-1.fc28               @mariadb

      It seems to have to do with selinux policies, when I set selinux to permissive it's able to start the MariaDB server process without any issues.

      I was able to reproduce this on a plain netinstall of Fedora28.

      Jul 10 12:44:54 fedora28 systemd[1]: Starting MariaDB 10.2.16 database server...
      		 
      Jul 10 12:44:54 fedora28 audit[31938]: AVC avc:  denied  { nnp_transition } for  pid=31938 comm="(mysqld)" scontext=system_u:system_r:init_t:s0 tcontext=system_u:system_r:mysqld_t:s0 tclass=process2 permissive=0
      		 
      Jul 10 12:44:54 fedora28 audit: SELINUX_ERR op=security_bounded_transition seresult=denied oldcontext=system_u:system_r:init_t:s0 newcontext=system_u:system_r:mysqld_t:s0
      		 
      Jul 10 12:44:54 fedora28 mysqld[31938]: 2018-07-10 12:44:54 140492999485696 [Note] /usr/sbin/mysqld (mysqld 10.2.16-MariaDB) starting as process 31938 ...
      		 
      Jul 10 12:44:54 fedora28 mysqld[31938]: 2018-07-10 12:44:54 140492999485696 [Warning] Can't create test file /var/lib/mysql/fedora28.lower-test
      		 
      Jul 10 12:44:54 fedora28 audit[31938]: AVC avc:  denied  { write } for  pid=31938 comm="mysqld" name="mysql" dev="dm-0" ino=811203 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:mysqld_db_t:s0 tclass=dir permissive=0
      		 
      Jul 10 12:44:55 fedora28 audit[31938]: AVC avc:  denied  { read } for  pid=31938 comm="mysqld" name="plugin.frm" dev="dm-0" ino=806160 scontext=system_u:system_r:init_t:s0 tcontext=unconfined_u:object_r:mysqld_db_t:s0 tclass=file permissive=0
      		 
      Jul 10 12:44:55 fedora28 mysqld[31938]: 2018-07-10 12:44:55 140492999485696 [Note] InnoDB: Mutexes and rw_locks use GCC atomic builtins
      		 
      Jul 10 12:44:55 fedora28 mysqld[31938]: 2018-07-10 12:44:55 140492999485696 [Note] InnoDB: Uses event mutexes
      		 
      Jul 10 12:44:55 fedora28 mysqld[31938]: 2018-07-10 12:44:55 140492999485696 [Note] InnoDB: Compressed tables use zlib 1.2.11
      		 
      Jul 10 12:44:55 fedora28 mysqld[31938]: 2018-07-10 12:44:55 140492999485696 [Note] InnoDB: Using Linux native AIO
      		 
      Jul 10 12:44:55 fedora28 mysqld[31938]: 2018-07-10 12:44:55 140492999485696 [Note] InnoDB: Number of pools: 1
      		 
      Jul 10 12:44:55 fedora28 mysqld[31938]: 2018-07-10 12:44:55 140492999485696 [Note] InnoDB: Using SSE2 crc32 instructions
      		 
      Jul 10 12:44:55 fedora28 mysqld[31938]: 2018-07-10 12:44:55 140492999485696 [Note] InnoDB: Initializing buffer pool, total size = 128M, instances = 1, chunk size = 128M
      		 
      Jul 10 12:44:55 fedora28 mysqld[31938]: 2018-07-10 12:44:55 140492999485696 [Note] InnoDB: Completed initialization of buffer pool
      		 
      Jul 10 12:44:55 fedora28 mysqld[31938]: 2018-07-10 12:44:55 140492453046016 [Note] InnoDB: If the mysqld execution user is authorized, page cleaner thread priority can be changed. See the man page of setpriority().
      		 
      Jul 10 12:44:55 fedora28 audit[31938]: AVC avc:  denied  { getattr } for  pid=31938 comm="mysqld" path="/var/lib/mysql/ibdata1" dev="dm-0" ino=806137 scontext=system_u:system_r:init_t:s0 tcontext=unconfined_u:object_r:mysqld_db_t:s0 tclass=file permissive=0
      		 
      Jul 10 12:44:55 fedora28 mysqld[31938]: 2018-07-10 12:44:55 140492999485696 [ERROR] InnoDB: Operating system error number 13 in a file operation.
      		 
      Jul 10 12:44:55 fedora28 mysqld[31938]: 2018-07-10 12:44:55 140492999485696 [ERROR] InnoDB: The error means mysqld does not have the access rights to the directory.
      		 
      Jul 10 12:44:55 fedora28 mysqld[31938]: 2018-07-10 12:44:55 140492999485696 [ERROR] InnoDB: os_file_get_status() failed on './ibdata1'. Can't determine file permissions
      		 
      Jul 10 12:44:55 fedora28 mysqld[31938]: 2018-07-10 12:44:55 140492999485696 [ERROR] InnoDB: Plugin initialization aborted with error Generic error
      		 
      Jul 10 12:44:55 fedora28 mysqld[31938]: 2018-07-10 12:44:55 140492999485696 [Note] InnoDB: Starting shutdown...
      		 
      Jul 10 12:44:55 fedora28 mysqld[31938]: 2018-07-10 12:44:55 140492999485696 [ERROR] Plugin 'InnoDB' init function returned error.
      		 
      Jul 10 12:44:55 fedora28 mysqld[31938]: 2018-07-10 12:44:55 140492999485696 [ERROR] Plugin 'InnoDB' registration as a STORAGE ENGINE failed.
      		 
      Jul 10 12:44:55 fedora28 audit[31938]: AVC avc:  denied  { read write } for  pid=31938 comm="mysqld" name="aria_log_control" dev="dm-0" ino=806142 scontext=system_u:system_r:init_t:s0 tcontext=unconfined_u:object_r:mysqld_db_t:s0 tclass=file permissive=0
      		 
      Jul 10 12:44:55 fedora28 mysqld[31938]: 2018-07-10 12:44:55 140492999485696 [ERROR] mysqld: File '/var/lib/mysql/aria_log_control' not found (Errcode: 13 "Permission denied")
      		 
      Jul 10 12:44:55 fedora28 mysqld[31938]: 2018-07-10 12:44:55 140492999485696 [ERROR] mysqld: Got error 'Can't open file' when trying to use aria control file '/var/lib/mysql/aria_log_control'
      		 
      Jul 10 12:44:55 fedora28 mysqld[31938]: 2018-07-10 12:44:55 140492999485696 [ERROR] Plugin 'Aria' init function returned error.
      		 
      Jul 10 12:44:55 fedora28 mysqld[31938]: 2018-07-10 12:44:55 140492999485696 [ERROR] Plugin 'Aria' registration as a STORAGE ENGINE failed.
      		 
      Jul 10 12:44:55 fedora28 mysqld[31938]: 2018-07-10 12:44:55 140492999485696 [Note] Plugin 'FEEDBACK' is disabled.
      		 
      Jul 10 12:44:55 fedora28 audit[31938]: AVC avc:  denied  { read } for  pid=31938 comm="mysqld" name="plugin.frm" dev="dm-0" ino=806160 scontext=system_u:system_r:init_t:s0 tcontext=unconfined_u:object_r:mysqld_db_t:s0 tclass=file permissive=0
      		 
      Jul 10 12:44:55 fedora28 mysqld[31938]: 2018-07-10 12:44:55 140492999485696 [ERROR] Could not open mysql.plugin table. Some plugins may be not loaded
      		 
      Jul 10 12:44:55 fedora28 mysqld[31938]: 2018-07-10 12:44:55 140492999485696 [ERROR] Unknown/unsupported storage engine: InnoDB
      		 
      Jul 10 12:44:55 fedora28 mysqld[31938]: 2018-07-10 12:44:55 140492999485696 [ERROR] Aborting
      		 
      Jul 10 12:44:55 fedora28 systemd[1]: mariadb.service: Main process exited, code=exited, status=1/FAILURE
      		 
      Jul 10 12:44:55 fedora28 systemd[1]: mariadb.service: Failed with result 'exit-code'.
      		 
      Jul 10 12:44:55 fedora28 systemd[1]: Failed to start MariaDB 10.2.16 database server.
      		 
      Jul 10 12:44:55 fedora28 audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=mariadb comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=failed'


      *****  Plugin catchall (100. confidence) suggests   **************************
      		 
       
      		 
      If you believe that mysqld should be allowed read write access on the aria_log_control file by default.
      		 
      Then you should report this as a bug.
      		 
      You can generate a local policy module to allow this access.
      		 
      Do
      		 
      allow this access for now by executing:
      		 
      # ausearch -c 'mysqld' --raw | audit2allow -M my-mysqld
      		 
      # semodule -X 300 -i my-mysqld.pp
      		 
       
      		 
       
      		 
      Additional Information:
      		 
      Source Context                system_u:system_r:init_t:s0
      		 
      Target Context                unconfined_u:object_r:mysqld_db_t:s0
      		 
      Target Objects                aria_log_control [ file ]
      		 
      Source                        mysqld
      		 
      Source Path                   mysqld
      		 
      Port                          <Unknown>
      		 
      Host                          <Unknown>
      		 
      Source RPM Packages           
      Target RPM Packages           
      Policy RPM                    selinux-policy-3.14.1-32.fc28.noarch
      		 
      Selinux Enabled               True
      		 
      Policy Type                   targeted
      		 
      Enforcing Mode                Enforcing
      		 
      Host Name                     fedora28.afs.local
      		 
      Platform                      Linux fedora28 4.17.3-200.fc28.x86_64 #1
      		 
                                    SMP Tue Jun 26 14:17:07 UTC 2018 x86_64 x86_64
      		 
      Alert Count                   3
      		 
      First Seen                    2018-07-10 11:47:32 CEST
      		 
      Last Seen                     2018-07-10 13:23:30 CEST
      		 
      Local ID                      fe418f32-a09b-4648-ab58-0174f40d443b
      		 
       
      		 
      Raw Audit Messages
      		 
      type=AVC msg=audit(1531221810.99:421): avc:  denied  { read write } for  pid=1318 comm="mysqld" name="aria_log_control" dev="dm-0" ino=806142 scontext=system_u:system_r:init_t:s0 tcontext=unconfined_u:object_r:mysqld_db_t:s0 tclass=file permissive=0
      		 
       
      		 
       
      		 
      Hash: mysqld,init_t,mysqld_db_t,file,read,write
      		 
       
      		 
      [root@fedora28 ~]# ausearch -c 'mysqld' --raw | audit2allow -M my-mysqld
      		 
      ******************** IMPORTANT ***********************
      		 
      To make this policy package active, execute:
      		 
       
      		 
      semodule -i my-mysqld.pp

      Attachments

        Issue Links

          duplicates

          Bug - A problem which impairs or prevents the functions of the product. MDEV-10404 Improved systemd service hardening causes SELinux problems

          • Major - Major loss of function.
          • Closed

          Activity

            People

              danblack Daniel Black
              evanberkum Edward van Berkum
              Votes:
              1 Vote for this issue
              Watchers:
              7 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Git Integration

                  Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.