Mysql Alert
Manuel Wolfshant
wolfy at nobugconsulting.ro
Fri Jan 8 11:45:33 UTC 2010
tony at specialistdevelopment.com wrote:
> Hi Guys,
>
> Sorry to keep emailing the group but im determined to crack selinux
> and not just switch it off :)
>
> I have moved my mysql root to /db01/mysql and have sym linked
> /var/lib/mysql to there as well just in case any apps still have mysql
> hard coded to the original location.
Use mount --bind instead of symlink
>
> The alert im getting is this:
>
> Summary:
>
> SELinux is preventing /bin/bash "read" access on /var/lib/mysql.
>
> Detailed Description:
>
> SELinux denied access requested by mysqld_safe. It is not expected
> that this
> access is required by mysqld_safe and this access may signal an intrusion
> attempt. It is also possible that the specific version or
> configuration of the
> application is causing it to require additional access.
>
> Allowing Access:
>
> You can generate a local policy module to allow this access - see FAQ
> (http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Please file
> a bug
> report.
>
> Additional Information:
>
> Source Context unconfined_u:system_r:mysqld_safe_t:s0
> Target Context system_u:object_r:mysqld_db_t:s0
> Target Objects /var/lib/mysql [ lnk_file ]
> Source mysqld_safe
> Source Path /bin/bash
> Port <Unknown>
> Host vm-lin-wb01
> Source RPM Packages bash-4.0.35-2.fc12
> Target RPM Packages mysql-server-5.1.41-2.fc12
> Policy RPM selinux-policy-3.6.32-63.fc12
> Selinux Enabled True
> Policy Type targeted
> Enforcing Mode Enforcing
> Plugin Name catchall
> Host Name vm-lin-wb01
> Platform Linux vm-lin-wb01
> 2.6.31.9-174.fc12.i686.PAE #1
> SMP Mon Dec 21 06:04:56 UTC 2009 i686 i686
> Alert Count 1
> First Seen Fri Jan 8 10:06:33 2010
> Last Seen Fri Jan 8 10:06:33 2010
> Local ID f35cf4f8-9714-4d41-8f88-310f8cef5425
> Line Numbers
>
> Raw Audit Messages
>
> node=vm-lin-wb01 type=AVC msg=audit(1262945193.369:25): avc: denied
> { read } for pid=1267 comm="mysqld_safe" name="mysql" dev=dm-2
> ino=21498 scontext=unconfined_u:system_r:mysqld_safe_t:s0
> tcontext=system_u:object_r:mysqld_db_t:s0 tclass=lnk_file
>
> node=vm-lin-wb01 type=SYSCALL msg=audit(1262945193.369:25):
> arch=40000003 syscall=195 success=no exit=-13 a0=9e04f88 a1=bff7924c
> a2=b5cff4 a3=9e04f88 items=0 ppid=1227 pid=1267 auid=501 uid=0 gid=0
> euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=2
> comm="mysqld_safe" exe="/bin/bash"
> subj=unconfined_u:system_r:mysqld_safe_t:s0 key=(null)
>
> All the contexts look correct to me, but have i missed something?
> would be grateful if anyone could point me in the right direction.
>
> Thanks in advance :)
>
> --
> fedora-selinux-list mailing list
> fedora-selinux-list at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-selinux-list
--
Manuel Wolfshant linux registered user #131416
IT manager NoBug Consulting SRL
A: Yes.
>Q: Are you sure?
>>A: Because it reverses the logical flow of conversation.
>>>Q: Why is top posting frowned upon?
More information about the selinux
mailing list