Mysql Alert

tony at specialistdevelopment.com tony at specialistdevelopment.com
Fri Jan 8 10:47:49 UTC 2010 

Hi Guys,

Sorry to keep emailing the group but im determined to crack selinux  
and not just switch it off :)

I have moved my mysql root to /db01/mysql and have sym linked  
/var/lib/mysql to there as well just in case any apps still have mysql  
hard coded to the original location.

The alert im getting is this:

Summary:

SELinux is preventing /bin/bash "read" access on /var/lib/mysql.

Detailed Description:

SELinux denied access requested by mysqld_safe. It is not expected that this
access is required by mysqld_safe and this access may signal an intrusion
attempt. It is also possible that the specific version or configuration of the
application is causing it to require additional access.

Allowing Access:

You can generate a local policy module to allow this access - see FAQ
(http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Please file a bug
report.

Additional Information:

Source Context                unconfined_u:system_r:mysqld_safe_t:s0
Target Context                system_u:object_r:mysqld_db_t:s0
Target Objects                /var/lib/mysql [ lnk_file ]
Source                        mysqld_safe
Source Path                   /bin/bash
Port                          <Unknown>
Host                          vm-lin-wb01
Source RPM Packages           bash-4.0.35-2.fc12
Target RPM Packages           mysql-server-5.1.41-2.fc12
Policy RPM                    selinux-policy-3.6.32-63.fc12
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Plugin Name                   catchall
Host Name                     vm-lin-wb01
Platform                      Linux vm-lin-wb01 2.6.31.9-174.fc12.i686.PAE #1
                               SMP Mon Dec 21 06:04:56 UTC 2009 i686 i686
Alert Count                   1
First Seen                    Fri Jan  8 10:06:33 2010
Last Seen                     Fri Jan  8 10:06:33 2010
Local ID                      f35cf4f8-9714-4d41-8f88-310f8cef5425
Line Numbers

Raw Audit Messages

node=vm-lin-wb01 type=AVC msg=audit(1262945193.369:25): avc:  denied   
{ read } for  pid=1267 comm="mysqld_safe" name="mysql" dev=dm-2  
ino=21498 scontext=unconfined_u:system_r:mysqld_safe_t:s0  
tcontext=system_u:object_r:mysqld_db_t:s0 tclass=lnk_file

node=vm-lin-wb01 type=SYSCALL msg=audit(1262945193.369:25):  
arch=40000003 syscall=195 success=no exit=-13 a0=9e04f88 a1=bff7924c  
a2=b5cff4 a3=9e04f88 items=0 ppid=1227 pid=1267 auid=501 uid=0 gid=0  
euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=2  
comm="mysqld_safe" exe="/bin/bash"  
subj=unconfined_u:system_r:mysqld_safe_t:s0 key=(null)

All the contexts look correct to me, but have i missed something?  
would be grateful if anyone could point me in the right direction.

Thanks in advance :)

More information about the selinux mailing list