Details
-
Bug
-
Status: Closed (View Workflow)
-
Major
-
Resolution: Not a Bug
-
10.11.15
-
None
-
Not for Release Notes
Description
Hello,
Since mariadb 10.11.15, I notice that :
- mariadb-server force install of package mysql-selinux-1.0.14.
- context mysqld_exec_t is applied to /usr/sbin/mariadbd (before, in mariadb 10.11.14 it was context bin_t)
My mariadb servers have custom dirs which all have the correct selinux context and working for years with selinux set to enforce. Since 10.11.15 my service refuses to start and is blocked by selinux. The culprit is the ExecStartPre that I included in the service and which runs mariadb-install-db in case no db exists in datadir. Errors recieved are :
[Warning] Can't create test file '/my/path/data/servername.lower-test' (Errcode: 13 "Permission denied")
|
/usr/sbin/mariadbd: Cannot change uid/gid (errno: 1)
|
If I set mysqld_t to permissive I can start but with multiple denial logs in audit log + warning in mariadb logs
[Warning] mysqld: io_uring_queue_init() failed with EPERM: sysctl kernel.io_uring_disabled has the value 2, or 1 and the user of the process is not a member of sysctl kernel.io_uring_group. (see man 2 io_uring_setup).
|
create_uring failed: falling back to libaio
|
Is this a bug ? Can you reproduce the issue on your side ? Is there new doc to read about selinux changes since 10.11.15 ?
Thank you
Attachments
Issue Links
- is caused by
-
-
- Closed
-
- relates to
-
-
- Needs Feedback
-