On Thu, 2005-12-08 at 14:31 -0500, Chuck Anderson wrote:
I've disabled SELinux protection of mysqld since it was causing
major
performance problems.
More information about those performance problems would be of interest.
This fixed the problem. However, is mysqld supposed to be running as
initrc_t instead of unconfined_t when mysqld_disable_trans is set?
In FC4 and later, yes. FC4 re-introduced the use of separate initial
domains for system initialization, transitioning later to unconfined_t,
rather than starting the system in unconfined_t as in FC3, which allows
some useful distinctions to be made. But in targeted policy, initrc.te
contains unconfined_domain(initrc_t), so it still ends up with full
permissions.
--
Stephen Smalley
National Security Agency