MySQL's LOAD DATA INFILE statement
Miroslav Grepl
mgrepl at redhat.com
Mon Jan 9 10:17:54 UTC 2012
On 01/09/2012 04:39 AM, Marcio B. Jr. wrote:
> Hi Dominick, thanks for answering.
>
> This is a really unusual situation. So far I cannot explain why but
> after re-enabling enforcement for more tests, statement happened to
> work just as it did with permissive state.
>
> I've used "semodule -DB" and reproduced issue in both states. Still no
> logs. Testing will continue.
>
>
> Regards,
>
>
Make sure auditd is running.
# service auditd status
You should see AVC msgs in /var/log/audit/audit.log or you can use the
ausearch tool
# ausearch -m avc -ts recent
Also you should use a newer version of Fedora which is supported
(Fedora15+).
> On Sat, Jan 7, 2012 at 8:01 AM, Dominick Grift<dominick.grift at gmail.com> wrote:
>> On Sat, 2012-01-07 at 02:26 -0300, Marcio B. Jr. wrote:
>>> Hi,
>>> I'm incurring some problems with MySQL and SELinux, and I need help.
>>>
>>> Running a 64-bit Fedora 12 with mysql-server-5.1.47-2.fc12.x86_64.
>>>
>>> $ ps -eZ | grep mysqld
>>> system_u:system_r:mysqld_safe_t:s0 1321 ? 00:00:00 mysqld_safe
>>> system_u:system_r:mysqld_t:s0 1410 ? 00:00:01 mysqld
>>>
>>> My problem is:
>>> it is only possible to use "LOAD DATA INFILE" statement if SELinux is
>>> in its permissive state.
>> This event may have been silently denied.
>> To reproduce the issue and expose silent denials:
>>
>> run: semodule -DB
>> reproduce the issue
>> see if there is now an AVC denial displayed that is related to your
>> issue
>> run: semodule -B
>>
>>
>> --
>> selinux mailing list
>> selinux at lists.fedoraproject.org
>> https://admin.fedoraproject.org/mailman/listinfo/selinux
>
>
> Marcio Barbado, Jr.
> --
> selinux mailing list
> selinux at lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/selinux
More information about the selinux
mailing list