[MDEV-14061] SELinux preventing MariaDB + Galera trying to create temporary file on /usr Created: 2017-10-12  Updated: 2017-10-13  Resolved: 2017-10-13

Status: Closed
Project: MariaDB Server
Component/s: Galera, Server, wsrep
Affects Version/s: 10.1.28
Fix Version/s: N/A

Type: Bug Priority: Critical
Reporter: Gustavo Cremella Assignee: Andrii Nikitin (Inactive)
Resolution: Duplicate Votes: 0
Labels: None
Environment:

CentOS Linux release 7.4.1708 (Core) x86_64


Issue Links:
Duplicate
duplicates MDEV-13950 mysqld_safe could not start Galera no... Closed

Description

After a software update, the MariaDB server no longer starts.

MariaDB-common-10.1.28-1.el7.centos.x86_64
MariaDB-client-10.1.28-1.el7.centos.x86_64
MariaDB-server-10.1.28-1.el7.centos.x86_64
MariaDB-shared-10.1.28-1.el7.centos.x86_64
galera-25.3.20-1.rhel7.el7.centos.x86_64
percona-xtrabackup-2.3.6-1.el7.x86_64

SELinux is preventing mktemp from creating temporary files like wsrep_recovery.* under /usr.
Temporary files are not supposed to be created there.
After setting permissive mode on mysqld_safe_t, the SELinux logs show:

SELinux is preventing /usr/bin/mktemp from create access on the file wsrep_recovery.K1AY7s.

*****  Plugin catchall_labels (83.8 confidence) suggests   *******************
 
If you want to allow mktemp to have create access on the wsrep_recovery.K1AY7s file
Then necesita modificar la etiqueta en wsrep_recovery.K1AY7s
Do
# semanage fcontext -a -t FILE_TYPE 'wsrep_recovery.K1AY7s'
donde FILE_TYPE es uno de los siguientes: mysqld_db_t, mysqld_log_t, mysqld_var_run_t. 
Luego ejecute: 
restorecon -v 'wsrep_recovery.K1AY7s'
 
 
*****  Plugin catchall (17.1 confidence) suggests   **************************
 
If cree que de manera predeterminada, mktemp debería permitir acceso create sobre wsrep_recovery.K1AY7s file.     
Then debería reportar esto como un error.
Puede generar un módulo de política local para permitir este acceso.
Do
allow this access for now by executing:
# ausearch -c 'mktemp' --raw | audit2allow -M my-mktemp
# semodule -i my-mktemp.pp
 
 
Additional Information:
Source Context                system_u:system_r:mysqld_safe_t:s0
**Target Context                system_u:object_r:usr_t:s0**
Target Objects                wsrep_recovery.K1AY7s [ file ]
Source                        mktemp
Source Path                   /usr/bin/mktemp
Port                          <Unknown>
Host                          spi2.**********
Source RPM Packages           coreutils-8.22-18.el7.x86_64
Target RPM Packages           
Policy RPM                    selinux-policy-3.13.1-166.el7_4.4.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Host Name                     spi2.**********
Platform                      Linux spi2.********
                              3.10.0-693.2.2.el7.x86_64 #1 SMP Tue Sep 12
                              22:26:13 UTC 2017 x86_64 x86_64
Alert Count                   14
First Seen                    2017-09-28 12:54:57 -03
Last Seen                     2017-10-12 12:09:59 -03
Local ID                      2f128290-dc5e-4280-bcb4-2fcc3abb56e3
 
Raw Audit Messages
type=AVC msg=audit(1507820999.760:2512): avc:  denied  { create } for  pid=16103 comm="mktemp" name="wsrep_recovery.K1AY7s" scontext=system_u:system_r:mysqld_safe_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=file
 
 
type=AVC msg=audit(1507820999.760:2512): avc:  denied  { write } for  pid=16103 comm="mktemp" path="/usr/wsrep_recovery.K1AY7s" dev="sda3" ino=198736 scontext=system_u:system_r:mysqld_safe_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=file
 
 
type=SYSCALL msg=audit(1507820999.760:2512): arch=x86_64 syscall=open success=yes exit=ESRCH a0=190d050 a1=c2 a2=180 a3=652a6ab1f081fc9a items=0 ppid=15909 pid=16103 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=mktemp exe=/usr/bin/mktemp subj=system_u:system_r:mysqld_safe_t:s0 key=(null)
 
Hash: mktemp,mysqld_safe_t,usr_t,file,create

my.cnf :

[mysqld]
datadir=/var/lib/mysql
socket=/var/lib/mysql/mysql.sock
# Disabling symbolic-links is recommended to prevent assorted security risks
symbolic-links=0
# Settings user and group are ignored when systemd is used.
# If you need to run mysqld under a different user or group,
# customize your systemd unit file for mariadb according to the
# instructions in http://fedoraproject.org/wiki/Systemd
log-error=/var/log/mariadb/mariadb.log
pid-file=/var/run/mariadb/mariadb.pid
 
 
[mysqld_safe]
log-error=/var/log/mariadb/mariadb.log
pid-file=/var/run/mariadb/mariadb.pid
 
[client]
default_character_set = UTF8
 
#
# include all files from the config directory
#
!includedir /etc/my.cnf.d
 
Included files: server.cnf
 
#
# These groups are read by MariaDB server.
# Use it for options that only the server (but not clients) should see
#
# See the examples of server my.cnf files in /usr/share/mysql/
#
 
# this is read by the standalone daemon and embedded servers
[server]
 
# this is only for the mysqld standalone daemon
[mysqld]
key_buffer = 64M
max_allowed_packet = 4M
table_cache = 512
sort_buffer_size = 8M
net_buffer_length = 32K
read_buffer_size = 4M
read_rnd_buffer_size = 8M
myisam_sort_buffer_size = 32M
character_set_filesystem = UTF8
character_set_server = UTF8
default-storage-engine=INNODB
innodb_file_per_table
innodb_flush_method=O_DIRECT
innodb_log_file_size=64M
innodb_buffer_pool_size = 256M
join_buffer_size = 1048576
 
 
#
# * Galera-related settings
#
[galera]
# Mandatory settings
wsrep_on=ON
wsrep_provider=/usr/lib64/galera/libgalera_smm.so
wsrep_provider_options="gmcast.listen_addr=tcp://10.39.2.150:4778"
wsrep_cluster_address=gcomm://10.39.1.150:4778,10.39.1.101:4778,10.39.2.150:4778
binlog_format=row
default_storage_engine=InnoDB
innodb_autoinc_lock_mode=2
#
# Allow server to accept connections on all interfaces.
#
bind-address=10.39.2.150
#
# Optional setting
#wsrep_slave_threads=1
#innodb_flush_log_at_trx_commit=0
#
wsrep_cluster_name="MariaDB_SPI-Cluster"
wsrep_node_address="10.39.2.150"
wsrep_sst_method=xtrabackup
wsrep_sst_auth=root:*********
wsrep_sst_receive_address=10.39.2.150:4777
 
wsrep_data_home_dir=/var/lib/mysql
wsrep_debug=ON



Comments
Comment by Andrii Nikitin (Inactive) [ 2017-10-13 ]

This is caused by a missing -t option in the mktemp call in mysqld_safe and was fixed as part of MDEV-13950.
Please consider applying the following patch manually to mysqld_safe as a workaround: https://jira.mariadb.org/browse/MDEV-13950?focusedCommentId=100911&page=com.atlassian.jira.plugin.system.issuetabpanels%3Acomment-tabpanel#comment-100911
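The mechanism behind the denial, as an added shell illustration that is not the mysqld_safe source or the MDEV-13950 patch: a mktemp template given without -t is created relative to the current directory (for mysqld_safe here that was /usr, hence the usr_t target context), while -t places it under $TMPDIR. The recovery_logfile_* and find_relative_mktemp names are mine, and the relative-template call is an assumed reconstruction of the pre-fix behaviour the comment describes.

```sh
#!/bin/sh
# Added illustration, not code from mysqld_safe or the MDEV-13950 patch.

# Assumed reconstruction of the 10.1.28 call: relative template, no -t, so the
# file is created in whatever directory the script happens to be running in.
recovery_logfile_relative() {
    mktemp wsrep_recovery.XXXXXX
}

# Corrected form: -t places the file under $TMPDIR, or /tmp when TMPDIR is unset.
recovery_logfile_tmp() {
    mktemp -t wsrep_recovery.XXXXXX
}

# Succeeds only when the path lies in the directory -t would choose.
is_under_tmpdir() {
    t=${TMPDIR:-/tmp}; t=${t%/}
    case "$1" in
        "$t"/wsrep_recovery.*) return 0 ;;
        *) return 1 ;;
    esac
}

# Prints (with line numbers) mktemp invocations in a script whose first argument
# is neither an option, nor an absolute path, nor a variable expansion.
find_relative_mktemp() {
    grep -nE 'mktemp[[:space:]]+[^-/$[:space:]]' "$1"
}

# Demonstration: a scratch directory stands in for /usr (constructed, so the real
# /usr is never touched), plus a constructed two-line script to scan.
demo() {
    fake_usr=$(mktemp -d)
    buggy=$(cd "$fake_usr" && recovery_logfile_relative)
    fixed=$(recovery_logfile_tmp)
    printf 'relative template -> %s/%s\n' "$fake_usr" "$buggy"
    printf 'with -t           -> %s\n' "$fixed"
    printf 'wr=$(mktemp wsrep_recovery.XXXXXX)\nwr=$(mktemp -t wsrep_recovery.XXXXXX)\n' \
        > "$fake_usr/sample.sh"
    find_relative_mktemp "$fake_usr/sample.sh"   # reports line 1 only
    rm -rf "$fake_usr" "$fixed"
}

demo
```

Running find_relative_mktemp against the installed mysqld_safe confirms whether the patch is in place before any policy change is considered; the relabel and audit2allow suggestions in the alert above would permit writes into /usr rather than keep the file out of it.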

Generated at Thu Feb 08 08:10:37 UTC 2024 using Jira 8.20.16#820016-sha1:9d11dbea5f4be3d4cc21f03a88dd11d8c8687422.