[MDEV-8878] Failed to start mariadb.service: Access denied Created: 2015-10-01  Updated: 2015-11-25  Resolved: 2015-11-25

Status: Closed
Project: MariaDB Server
Component/s: Admin statements
Affects Version/s: 10.0.21
Fix Version/s: N/A

Type: Bug Priority: Major
Reporter: Marco Assignee: Unassigned
Resolution: Cannot Reproduce Votes: 0
Labels: None
Environment:

Fedora release 22 (Twenty Two)


 Description   

I did a fresh install of fedora 22, then I installed dnf install mariadb-server.

After that I tried to start the service

systemctl start mariadb
Failed to start mariadb.service: Access denied

I know this is an issue wuth selinux, if I disable selinux everything works fine.

This is the error on messages
Oct 1 13:05:48 soprano audit: <audit-1107> pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='avc: denied

{ start } for auid=1002 uid=0 gid=0 path="/usr/lib/systemd/system/mariadb.service" cmdline="systemctl start mariadb" scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcontext=system_u:object_r:mysqld_unit_file_t:s0 tclass=service#012 exe="/usr/lib/systemd/systemd" sauid=0 hostname=? addr=? terminal=?'

and on audit.log

Is there a way to start fedora, without disable selinux.

Thanks
type=USER_AVC msg=audit(1443722877.675:3237): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='avc: denied { start }

for auid=1002 uid=0 gid=0 path="/usr/lib/systemd/system/mariadb.service" cmdline="systemctl start mariadb" scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcontext=system_u:object_r:mysqld_unit_file_t:s0 tclass=service exe="/usr/lib/systemd/systemd" sauid=0 hostname=? addr=? terminal=?'

 Comments   
Comment by Elena Stepanova [ 2015-10-03 ]

Please check What to Do if MariaDB Doesn't Start KB page. It has a section about creating SELinux policies, hope it will help.

Comment by Petri Rautiainen [ 2015-10-24 ]

Tried to replicate this on two different Fedora 22 instances, one fresh and one that I personally use.

With old I tried my best to get the error, removed all SELinux rules regarding MySQL/MariaDB and could not get any errors.
With new instance I did not perform any post installation steps and entered directly to terminal running next commands:
sudo dnf install mariadb-server
sudo systemctl mariadb start

No errors or anything, MariaDB 10.0.21 runs perfectly.

SELinux on new instance:
SELinux status: enabled
SELinuxfs mount: /sys/fs/selinux
SELinut root directory: /etc/selinux
Loaded policy name: targeted
Current mode: enforcing
Mode from config file: enforcing
Policy MLS status: enabled
Policy deny_unknown status: allowed
Max kernel policy version: 29

Comment by Elena Stepanova [ 2015-10-24 ]

dunnock, thanks. Let's wait to hear from Ie94mhg whether he managed to resolve the problem, with instructions from the KB page or otherwise. If it was something that the KB does not cover, maybe we need to update it.

Comment by Marco [ 2015-10-27 ]

Hi. I did some test in other environment and everything works fine. This weekend I had the oportunity to reboot the server, after the rebooteverything works at spected. This was very strange.

Thanks, I think yo u can close this ticket.

Generated at Thu Feb 08 07:30:28 UTC 2024 using Jira 8.20.16#820016-sha1:9d11dbea5f4be3d4cc21f03a88dd11d8c8687422.