mysql_upgrade selinux issues
Dominick Grift
domg472 at gmail.com
Fri Jan 14 14:31:37 UTC 2011
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 01/14/2011 03:28 PM, Luciano Furtado wrote:
> when I run audit2allow I get the following:
>
> #============= mysqld_t ==============
> allow mysqld_t bin_t:dir search;
> allow mysqld_t bin_t:file { read execute };
> allow mysqld_t bin_t:lnk_file read;
> allow mysqld_t shell_exec_t:file { read execute getattr
> execute_no_trans };
I would probably just allow the above. looks like it wants to run mysql
command which i guess is labelled bin_t.
corecmd_exec_bin(mysqld_t)
corecmd_exec_shell(mysqld_t)
should be suffice i believe
> What's the proper fix here? I dont want to give the mysqld_t permission
> to execute arbitrary scripts. The only solution I have right now is to
> relabel mysql_upgrade so it runs as unconfined, and that's not much of
> a solution.
>
>
>
>
>
> Best Regards.
> Luciano
- --
selinux mailing list
selinux at lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/selinux
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.16 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/
iEYEARECAAYFAk0wXkkACgkQMlxVo39jgT/vqQCgs+I9ZbPKM8tfSRnh3Kybfm/4
3WoAnRFU5M7MH9wv1fclWmCGnV7cH2Xe
=iMIN
-----END PGP SIGNATURE-----
More information about the selinux
mailing list