Running the mysql command as a mortal user dies: $ mysql -hlocalhost -u MMMMMM -p MMMMMM Enter password: ERROR 2002: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (13) after throwing this avc message: May 24 21:34:19 pink kernel: audit(1085448859.069:0): avc: denied { search } for pid=4519 exe=/usr/bin/mysql name=mysql dev=dm-6 ino=129035 scontext=user_u:user_r:user_t tcontext=system_u:object_r:mysqld_db_t tclass=dir It's not able to search /var/lib/mysql to find the socket... A (slightly edited) grep shows us: [/etc/security/selinux/src/policy]3 find . | xargs grep mysqld_var_run | more ./domains/program/apache.te:allow httpd_php_t mysqld_var_run_t:dir { search }; ./domains/program/apache.te:allow httpd_php_t mysqld_var_run_t:sock_file { write }; ./domains/program/mysqld.te:allow mysqld_t mysqld_var_run_t:sock_file create_file_perms; ./domains/program/mysqld.te:allow initrc_t mysqld_var_run_t:sock_file write; ./domains/program/mysqld.te:allow logrotate_t mysqld_var_run_t:dir search; ./domains/program/mysqld.te:allow logrotate_t mysqld_var_run_t:sock_file write; ./file_contexts/program/mysqld.fc:/var/run/mysqld(/.*)? system_u:object_r:mysqld_var_run_t ./file_contexts/file_contexts:/var/run/mysqld(/.*)? system_u:object_r:mysqld_var_run_t Does anybody see a good reason why we don't have this too: mysqld.te: allow mysql_cmd_t mysqld_var_run_t:dir search; mysqld.te: allow mysql_cmd_t mysqld_var_run_t:sock_file write; and add this to mysqld.fc: /usr/bin/mysql system_u:object_r:mysql_cmd_t (or the correct version thereof, it's way too late to think straight.. ;)