[MDEV-21609] Selinux denial on mktemp in mysqld_safe script Created: 2020-01-30  Updated: 2021-07-26  Resolved: 2021-07-26

Status: Closed
Project: MariaDB Server
Component/s: Galera, Scripts & Clients
Affects Version/s: 10.3.22
Fix Version/s: N/A

Type: Bug Priority: Critical
Reporter: Xavier Lashmar Assignee: Jan Lindström (Inactive)
Resolution: Not a Bug Votes: 0
Labels: need_feedback
Environment:

CentOS 7.6.1810


 Description   

The bug that was mentionned in: MDEV-13950 is back.

The mysqld_safe script uses the mktemp command without the -t option once again, and recovery fails as it gets blocked by SeLinux.

# grep -n mktemp /usr/bin/mysqld_safe
 
229:  local wr_logfile=$(mktemp /tmp/wsrep_recovery.XXXXXX)

I know I can patch the file, but we manage several of these systems with puppet and it becomes problematic to do so in bulk. I may temporarily create a puppet managed selinux policy that would allow the action, as a stopgap measure.

Here is a list of installed packages as well as their version numbers:

# rpm -qa | grep -i mariadb
 
MariaDB-compat-10.3.22-1.el7.centos.x86_64
 
MariaDB-common-10.3.22-1.el7.centos.x86_64
 
MariaDB-devel-10.3.22-1.el7.centos.x86_64
 
MariaDB-backup-10.3.22-1.el7.centos.x86_64
 
MariaDB-client-10.3.22-1.el7.centos.x86_64
 
MariaDB-server-10.3.22-1.el7.centos.x86_64

Thanks!

 Comments   
Comment by Jan Lindström (Inactive) [ 2021-06-23 ]

xlashmar Is this a real issue still or can I just close this as a not a bug ?

Comment by Xavier Lashmar [ 2021-06-24 ]

Hi Jan,

I will double check and let you know.

Xavier

Comment by Xavier Lashmar [ 2021-07-05 ]

Hi Jan,

I believe you are right this may not be a bug and I may have mis-identified this parameter when filing this report. Feel free to close it and thank you for checking.

Xavier

Generated at Thu Feb 08 09:08:27 UTC 2024 using Jira 8.20.16#820016-sha1:9d11dbea5f4be3d4cc21f03a88dd11d8c8687422.