Details
-
Bug
-
Status: Stalled (View Workflow)
-
Critical
-
Resolution: Unresolved
-
10.5.9
-
None
-
CentOS Linux release 8.3.2011
Description
Tried couple of locations for the server's `socket` parameter
These two end up with correct label mysqld_var_run_t
/var/run/mysql/imthesocket.sock
/var/run/mysqld/imalsothesocket.sock
And these two have incorrect labels
/var/run/mariadb/itriedtobeasocket.sock is labeled var_run_t
/var/lib/mysql/mysql.sock is labeled as mysqld_db_t
Both of which can be fixed by running restorecon on them which flips them back to mysqld_var_run_t
Also might be related to older issue MDEV-10405 and 10.3.27 wasn't affected by this as it was the starting point of the upgrade to 10.5.8. Clean install is also affected.
Attachments
Issue Links
- relates to
-
-
- Closed
-
-
-
- Closed
-
- links to
Activity
with mysql-selinux-1.0.10 now in Centos/RHEL8/9 the context of the /usr/sbin/mariadbd is now correct.
[root@9e5dd16d0f36 yum.repos.d]# semanage fcontext -l | grep /usr/sbin/mariadbd
|
/usr/sbin/mariadbd regular file system_u:object_r:mysqld_exec_t:s0
|
Name : mysql-selinux
|
Version : 1.0.10
|
Release : 1.el8
|
Architecture : noarch
|
Size : 49 k
|
Source : mysql-selinux-1.0.10-1.el8.src.rpm
|
Repository : @System
|
From repo : appstream
|
Summary : SELinux policy modules for MySQL and MariaDB packages
|
URL : https://github.com/devexp-db/mysql-selinux
|
License : GPL-3.0-only
|
Description : SELinux policy modules for MySQL and MariaDB packages.
|
|
|
[root@9e5dd16d0f36 yum.repos.d]# rpm -ql MariaDB-server| grep /usr/sbin
|
/usr/sbin/mariadbd
|
/usr/sbin/mysqld
|
/usr/sbin/rcmysql
|
[root@9e5dd16d0f36 yum.repos.d]# ls -la /usr/sbin/mariadbd /usr/sbin/mysqld
|
-rwxr-xr-x. 1 root root 25587160 Oct 30 08:07 /usr/sbin/mariadbd
|
lrwxrwxrwx. 1 root root 8 Oct 30 07:56 /usr/sbin/mysqld -> mariadbd
|
[root@9e5dd16d0f36 yum.repos.d]# dnf info MariaDB-server
|
Last metadata expiration check: 0:07:17 ago on Thu Jan 9 01:42:33 2025.
|
Installed Packages
|
Name : MariaDB-server
|
Version : 10.5.27
|
Release : 1.el8
|
Architecture : x86_64
|
Size : 127 M
|
Source : MariaDB-server-10.5.27-1.el8.src.rpm
|
Repository : @System
|
From repo : mariadb
|
Summary : MariaDB database server binaries
|
URL : http://mariadb.org
|
License : GPLv2
|
Description : MariaDB: a very fast and robust SQL database server
|
:
|
: It is GPL v2 licensed, which means you can use the it free of charge under the
|
: conditions of the GNU General Public License Version 2 (http://www.gnu.org/licenses/).
|
:
|
: MariaDB documentation can be found at https://mariadb.com/kb
|
: MariaDB bug reports should be submitted through https://jira.mariadb.org
|
This is not working on AlmaLinux 9.5 and MariaDB 10.11.11 and should be reopened.
[root@server ~]# semanage fcontext -l | grep /usr/sbin/mariadbd
|
[root@server ~]#
|
|
|
[root@server ~]# dnf info mysql-selinux
|
Installed Packages
|
Name : mysql-selinux
|
Version : 1.0.13
|
Release : 1.el9_5
|
Architecture : noarch
|
Size : 50 k
|
Source : mysql-selinux-1.0.13-1.el9_5.src.rpm
|
Repository : @System
|
From repo : appstream
|
Summary : SELinux policy modules for MySQL and MariaDB packages
|
URL : https://github.com/devexp-db/mysql-selinux
|
License : GPLv3
|
Description : SELinux policy modules for MySQL and MariaDB packages.
|
|
|
[root@server ~]# rpm -ql MariaDB-server| grep /usr/sbin
|
/usr/sbin/mariadbd
|
/usr/sbin/mysqld
|
/usr/sbin/rcmysql
|
|
|
[root@server ~]# ls -la /usr/sbin/mariadbd /usr/sbin/mysqld
|
-rwxr-xr-x. 1 root root 27334928 Jan 30 13:49 /usr/sbin/mariadbd
|
lrwxrwxrwx. 1 root root 8 Jan 30 13:36 /usr/sbin/mysqld -> mariadbd
|
|
|
[root@server ~]# dnf info MariaDB-server
|
Installed Packages
|
Name : MariaDB-server
|
Version : 10.11.11
|
Release : 1.el9
|
Architecture : x86_64
|
Size : 139 M
|
Source : MariaDB-server-10.11.11-1.el9.src.rpm
|
Repository : @System
|
From repo : mariadb
|
Summary : MariaDB database server binaries
|
URL : http://mariadb.org
|
License : GPLv2
|
Description : MariaDB: a very fast and robust SQL database server
|
:
|
: It is GPL v2 licensed, which means you can use the it free of charge under the
|
: conditions of the GNU General Public License Version 2 (http://www.gnu.org/licenses/).
|
:
|
: MariaDB documentation can be found at https://mariadb.com/kb
|
: MariaDB bug reports should be submitted through https://jira.mariadb.org
|
Seems in a bulk changes https://github.com/devexp-db/mysql-selinux/commit/58faf0fbe89a7783de2900410fa9e89b1cf525ee the upstream packages weren't considered. So currently broken in 1.0.12 and 1.0.13
proposed fix:
https://github.com/devexp-db/mysql-selinux/pull/9
Since its an upstream bug rather than a MariaDB one I'm going to keep this bug report closed.
As a workaround until this is fixed:
sudo semanage fcontext -a -t mysqld_exec_t /usr/sbin/mariadbd
|
sudo restorecon -Rv /usr/sbin/mariadbd
|
Added https://github.com/devexp-db/mysql-selinux/pull/5 as a fix that included mariadb-backup and doesn't break the Fedora distribution of MariaDB.