Re: MySQL's LOAD DATA INFILE statement
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 01/07/2012 12:26 AM, Marcio B. Jr. wrote:
Hi, I'm incurring some problems with MySQL and SELinux, and I
need
help.
Running a 64-bit Fedora 12 with mysql-server-5.1.47-2.fc12.x86_64.
$ ps -eZ | grep mysqld system_u:system_r:mysqld_safe_t:s0 1321 ?
00:00:00 mysqld_safe system_u:system_r:mysqld_t:s0 1410 ?
00:00:01 mysqld
My problem is: it is only possible to use "LOAD DATA INFILE"
statement if SELinux is in its permissive state.
Strangely, logs below show no avc denial (all I can tell from them
is Chinese tried to break into, and last line probably refers to
when I added mysql user to some group I created). But statement
won't work in enforcing state. Nothing gives me any tip concerning
the referred MySQL statement issue.
# cat /var/log/audit/audit.log | grep mysql type=USER_LOGIN
msg=audit(1305401554.802:34): user pid=2229 uid=0 auid=4294967295
ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023
msg='op=login acct="mysql" exe="/usr/sbin/sshd" hostname=?
addr=218.241.236.69 terminal=sshd res=failed' type=USER_LOGIN
msg=audit(1305401556.759:36): user pid=2229 uid=0 auid=4294967295
ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023
msg='op=login acct="mysql" exe="/usr/sbin/sshd" hostname=?
addr=218.241.236.69 terminal=sshd res=failed' type=USER_LOGIN
msg=audit(1305404558.850:1653): user pid=3709 uid=0 auid=4294967295
ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023
msg='op=login acct="mysql" exe="/usr/sbin/sshd" hostname=?
addr=218.241.236.69 terminal=sshd res=failed' type=USER_LOGIN
msg=audit(1305404560.536:1655): user pid=3709 uid=0 auid=4294967295
ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023
msg='op=login acct="mysql" exe="/usr/sbin/sshd" hostname=?
addr=218.241.236.69 terminal=sshd res=failed' type=USER_LOGIN
msg=audit(1305404563.834:1656): user pid=3711 uid=0 auid=4294967295
ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023
msg='op=login acct="mysql" exe="/usr/sbin/sshd" hostname=?
addr=218.241.236.69 terminal=sshd res=failed' type=USER_LOGIN
msg=audit(1305404566.207:1658): user pid=3711 uid=0 auid=4294967295
ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023
msg='op=login acct="mysql" exe="/usr/sbin/sshd" hostname=?
addr=218.241.236.69 terminal=sshd res=failed' type=ADD_GROUP
msg=audit(1322849937.081:18): user pid=1989 uid=0 auid=4294967295
ses=4294967295 subj=system_u:system_r:useradd_t:s0-s0:c0.c1023
msg='op=adding group acct="mysql" exe="/usr/sbin/useradd"
hostname=? addr=? terminal=? res=success'
Firstly, where could that avc denial be in?
And, well, I want to keep SELinux enforcing its policies, except
for what is needed in order to make "LOAD DATA INFILE" work.
So, what would be the proper way to achieve that?
Marcio Barbado, Jr. -- selinux mailing list
selinux(a)lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/selinux
Please update to a supported OS, F15 or 16. 12 is way out of date.
Nothing in your log indicates SELinux is blocking anything.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAk8LISQACgkQrlYvE4MpobNWuACgli4K9/DQnQ7rCrw4qblL1jty
vvIAnAyQ4YEW1kbHU0j+MWCXao5ggBvR
=Bbnw
-----END PGP SIGNATURE-----