CentOS 5 buildbot, SELinux

Let me know if other VMs need the same thing done to them and/or if we need to do more to the CentOS VMs.

Yes, thanks, lets wait and see how the next buildbot run goes (I don't want to trigger re-run now since the buildbot is busy as it is, and our question is not urgent).

Is this issue resolved now?

We haven't had a new Galera build in buildbot since then, so the status is still unknown.

We finally have a new build. Strangely, the fix worked for amd64, but not for x86.
amd64 (good):http://buildbot.askmonty.org/buildbot/builders/kvm-rpm-centos5-amd64/builds/2016/steps/test/logs/stdio
x86 (not good): http://buildbot.askmonty.org/buildbot/builders/kvm-rpm-centos5-x86/builds/2285/steps/test/logs/stdio

If you are sure that x86 was modified, I'll try later to see what else might cause the problem, but it looks very much like the previous one

I've checked both of the x86 VMs,

• vm-centos5-i386-install.qcow2
• vm-centos6-i386-install.qcow2

And they both have SELINUX=permissive set.

Very strange that the fix on amd64 worked and the exact same fix on x86 didn't.

It means I'll need to repeat the same exercise of manually reproducing the problem in a cloned VM to see what's going on there.

Hi Daniel,

It turns out that wsrep crashes when the server is run with an old version of libgcc. The VM (vm-centos5-i386-install.qcow2) has
libgcc.i386 4.1.2-44.el5

while currently available is
libgcc i386 4.1.2-54.el5

I'll file a bug report for Galera so Codership could check why it crashes, but meanwhile we might upgrade the library in the VM (or maybe not, I don't know what our VM upgrade policies are). If you think it makes sense to upgrade, please go ahead; if not, please close this issue as fixed, since the initial one with SELinux has been resolved anyway.

I'm fine with upgrading the library in the VM

If you do that, could you please backup a VM image with the old library, so I could re-test the fix if the bug is fixed?
(the bug was filed as MDEV-4344)

With the new version of Galera, SELinux breaks tests on RHEL5 (I've seen and checked failures on x86, but I suppose it's the same on amd64, it just currently lags behind).
The failure is a bit different, it hides inside the init script, and shows up in messages as follows:

SELinux is preventing the mysqld from using potentially mislabeled files (./tmp.wBeQpv4640). For complete SELinux messages. run sealert -l 3efbde02-94d1-4e88-88ce-88a8a5cd3987

Switching to Permissive fixes it, please do so for Galera tests.

I suppose if we don't want to duplicate VM images and don't want to change it for regular tests, we can switch it off dynamically for the test, adding a conditional step
sudo bash -c "echo 0 > /selinux/enforce"
or alike.

RHEL and CentOS builders are green now, closing as fixed.