[#MDEV-32914] Have a mycnf2allow script to generate SElinux policies from my.cnf configuration

[MDEV-32914] Have a mycnf2allow script to generate SElinux policies from my.cnf configuration Created: 2023-11-30 Updated: 2023-12-14
Status:	Open
Project:	MariaDB Server
Component/s:	Scripts & Clients
Fix Version/s:	None

Type:

New Feature

Priority:

Minor

Reporter:

Hartmut Holzgraefe

Assignee:

Unassigned

Resolution:

Unresolved

Votes:

Labels:

None

Description

When using custom paths for e.g. datadir nad having SElinux in "enforcing" mode MariaDB server startup will fail with "permission denied" errors as SElinux policies for MariaDB only allow access to the know default paths like datadir=/var/lib/mysql

So SElinux policies need to be adjusted either using manual selinux fcontext calls, or with the help of the audit2allow utility, both requiring some linux adminstration skills and general understanding of SElinux that not necessarily everyone has.

So it would be nice to have mycnf2allow (naming up to debate) utility that parses the my.cnf configuration to determine all custom path settings and generates the necessary policy information in one simple step.

Generated at Thu Feb 08 10:34:59 UTC 2024 using Jira 8.20.16#820016-sha1:9d11dbea5f4be3d4cc21f03a88dd11d8c8687422.

[MDEV-32914] Have a mycnf2allow script to generate SElinux policies from my.cnf configuration Created: 2023-11-30 Updated: 2023-12-14