Re: selinux problem with httpd and mysql

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On 7/8/05, Ankush Grover <ankush174@xxxxxxxxx> wrote:
> On 7/7/05, Daniel J Walsh <dwalsh@xxxxxxxxxx> wrote:
> > Ankush Grover wrote:
> >
> > >>Did you do the relabel after booting with selinux=0, as suggested by
> > >>Daniel Walsh?
> > >>
> > >># touch /.autorelabel
> > >># reboot
> > >>
> 
> I did /.autorelabel and then reboot the machine ,but nothing changed
> after the reboot.
> 
> 
> > Which policy are you running?  This looks like you are running an old one.
> 
> I have downloaded the latest policy
> selinux-policy-targeted-1.17.30-3.16.noarch.rpm
> policycoreutils-1.18.1-2.12.i386.rpm
> selinux-policy-targeted-sources-1.17.30-3.16.noarch.rpm
> checkpolicy-1.17.5-1.2.i386.rpm
> 
>  and then ran this command at the command prompt
> 
> 
> make -C /etc/selinux/targeted/src/policy reload
> 
> After that I did ran restorecon -R /var/lib/mysql.
> 
> Then I check the contexts of mysql
> 
> drwx------  mysql    mysql    system_u:object_r:mysqld_db_t    caredb
> -rw-rw----  mysql    mysql    system_u:object_r:mysqld_db_t    ibdata1
> -rw-rw----  mysql    mysql    system_u:object_r:mysqld_db_t    ib_logfile0
> -rw-rw----  mysql    mysql    system_u:object_r:mysqld_db_t    ib_logfile1
> drwx--x--x  mysql    root     system_u:object_r:mysqld_db_t    mysql
> srwxrwxrwx  mysql    mysql    system_u:object_r:mysqld_var_run_t mysql.sock
> drwxr-xr-x  mysql    root     system_u:object_r:mysqld_db_t    test
> -rw-rw----  mysql    mysql    system_u:object_r:mysqld_db_t
> work.delhi.net.pid
> 
> I think the contexts are right for mysql now.
> 
> But still the application is not running and in the logs
> 
> Jul  8 10:22:46 work kernel: audit(1120798366.929:0): avc:  denied  {
> connectto } for  pid=3692 exe=/usr/sbin/httpd
> path=/var/lib/mysql/mysql.sock scontext=root:system_r:httpd_t
> tcontext=root:system_r:unconfined_t tclass=unix_stream_socket
> 
> What next step should we take?
> 

I did this touch /.autorelabel.

Now the application is running but the contexts of mysql are

drwx------  mysql    mysql    system_u:object_r:mysqld_db_t    caredb
-rw-rw----  mysql    mysql    system_u:object_r:mysqld_db_t    ibdata1
-rw-rw----  mysql    mysql    system_u:object_r:mysqld_db_t    ib_logfile0
-rw-rw----  mysql    mysql    system_u:object_r:mysqld_db_t    ib_logfile1
drwx--x--x  mysql    root     system_u:object_r:mysqld_db_t    mysql
srwxrwxrwx  mysql    mysql    user_u:object_r:mysqld_var_run_t mysql.sock
drwxr-xr-x  mysql    root     system_u:object_r:mysqld_db_t    test
-rw-rw----  mysql    mysql    user_u:object_r:mysqld_db_t     
work.delhi.net.pid

Thanks & Regards

Ankush Grover
[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux