[MDEV-10753] selinux policies prevent 10.1.17-1.el7.centos to access: initrc_tmp_t + var_log_t Created: 2016-09-06 Updated: 2021-09-16 Resolved: 2021-09-16 |
|
| Status: | Closed |
| Project: | MariaDB Server |
| Component/s: | Platform RedHat |
| Affects Version/s: | 10.1.17 |
| Fix Version/s: | N/A |
| Type: | Bug | Priority: | Major |
| Reporter: | none now | Assignee: | Axel Schwenke |
| Resolution: | Won't Fix | Votes: | 0 |
| Labels: | selinux | ||
| Environment: |
Centos, SL, Redhat |
||
| Issue Links: |
|
||||||||
| Description |
|
upgrade from 10.1.16 and failure to restart $ ausearch -ts 14:18 | audit2allow maybe even more silent denials, but I haven't checked. |
| Comments |
| Comment by Elena Stepanova [ 2016-09-07 ] | ||
|
svoj, nirbhay_c, anything related to your latest changes in 10.1? I am not getting the problem on CentOS 7, but i guess there are many factors which can affect the behavior. | ||
| Comment by Sergey Vojtovich [ 2016-09-07 ] | ||
|
elenst, are you testing mysqld started by systemd? Do you have fix for | ||
| Comment by Elena Stepanova [ 2016-09-07 ] | ||
|
svoj, I wasn't using a tree, I was using release repo 10.1.16 and 10.1.17. To start/restart the server, I run /etc/init.d/mysql, which on CentOS 7 at least redirects to systemctl:
| ||
| Comment by none now [ 2016-09-08 ] | ||
|
build a SE module out of these two rules fixes the problem, and systemd start daemon ok. When you tests do the path "regular" admins walk, usual-regular systools first, they don't care (at first) about tools-scripts behind hidden. | ||
| Comment by Sergei Golubchik [ 2017-01-18 ] | ||
|
10.1 now has support for building and installing selinux policies, adding more should be easy | ||
| Comment by Axel Schwenke [ 2021-09-16 ] | ||
|
This affects an old version of the server (10.1). If this problem persists with an up-to-date version, please open a new ticket. |