[CentOS] Moving Mysql data directory denied by selinux?

Craig White craigwhite at azapple.com
Tue Oct 10 12:42:27 UTC 2006


On Tue, 2006-10-10 at 22:33 +1000, Peter Kiem wrote:
> Hi,
> 
> I'm trying to move the MySQL data directory to /home/mysql like I have 
> done with every other install I have done before but the difference is 
> this time I am trying to have SELinux active instead of turning it off.
> 
> I seem to need some help in
> a) Understanding what the selinux failure messages are saying; and
> b) How to correct the issue
> 
> I've read the selinux docs and all I got was a headache *sigh*
> 
> Now normally I just move /var/lib/mysql to /home/mysql and symlink it.  
> SELinux complains with
> Oct 10 21:21:59 intspare kernel: audit(1160479319.080:2): avc:  denied  
> { read } for  pid=15784 comm="mysqld" name="mysql" dev=dm-0 ino=1230340 
> scontext=root:system_r:mysqld_t tcontext=root:object_r:var_lib_t 
> tclass=lnk_file
> 
> Ok, I guess it doesn't like following symlinks so instead I edited 
> /etc/my.cnf to
> [mysqld]
> datadir=/home/mysql
> socket=/home/mysql/mysql.sock
> # Default to using old password format for compatibility with mysql 3.x
> # clients (those using the mysqlclient10 compatibility package).
> old_passwords=1
> 
> [mysql.server]
> user=mysql
> basedir=/home
> 
> 
> Now SELinux complains with
> Oct 10 22:04:27 intspare kernel: audit(1160481867.663:2): avc:  denied  
> { search } for  pid=3073 comm="mysqld" name="/" dev=dm-1 ino=2 
> scontext=user_u:system_r:mysqld_t tcontext=system_u:object_r:home_root_t 
> tclass=dir
> 
> WHY is mysqld trying to read / when I told it to use /home/mysql ?
> 
> BTW, here is the security contexts on /home/mysql
> # ls -laZ /home/
> drwxr-xr-x  mysql    mysql    system_u:object_r:mysqld_db_t    mysql
> 
> 
> Can anyone please shed some light on this for me?
> 
> What exactly is the avc message telling me and how do I fix it?
----
Probably easier to use a 'bind' mount of /home/mysql at /var/lib/mysql
and then it will inherit the contexts of /var/lib/mysql.

Craig
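
Added example, not part of the original thread: a small decoder for the two AVC denials quoted above, showing which process domain was refused which permission on which labeled object. The function names (parse_avc, explain, summarize) are hypothetical, and the sample lines are the post's own log lines with the mail wrapping removed.

```python
import re
from collections import defaultdict

# The two denials from the post, rejoined onto single lines (mail wrapping removed).
SAMPLE_DENIALS = [
    'Oct 10 21:21:59 intspare kernel: audit(1160479319.080:2): avc:  denied  '
    '{ read } for  pid=15784 comm="mysqld" name="mysql" dev=dm-0 ino=1230340 '
    'scontext=root:system_r:mysqld_t tcontext=root:object_r:var_lib_t '
    'tclass=lnk_file',
    'Oct 10 22:04:27 intspare kernel: audit(1160481867.663:2): avc:  denied  '
    '{ search } for  pid=3073 comm="mysqld" name="/" dev=dm-1 ino=2 '
    'scontext=user_u:system_r:mysqld_t tcontext=system_u:object_r:home_root_t '
    'tclass=dir',
]

AVC_RE = re.compile(r'avc:\s+(granted|denied)\s+\{\s*([^}]*?)\s*\}\s+for\s+(.*)$')
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_avc(line):
    """Return a dict of the AVC fields, or None if the line is not an AVC record."""
    m = AVC_RE.search(line)
    if m is None:
        return None
    rec = {k: v.strip('"') for k, v in KV_RE.findall(m.group(3))}
    rec["result"] = m.group(1)
    rec["perms"] = m.group(2).split()
    # A context is user:role:type, optionally followed by an MLS level.
    for key, out in (("scontext", "source_type"), ("tcontext", "target_type")):
        parts = rec.get(key, "").split(":", 3)
        rec[out] = parts[2] if len(parts) >= 3 else "?"
    return rec

def explain(rec):
    """One-sentence reading of a parsed record."""
    return (f'{rec.get("comm", "?")} (pid {rec.get("pid", "?")}) in domain '
            f'{rec["source_type"]} was {rec["result"]} {{ {" ".join(rec["perms"])} }} '
            f'on {rec.get("tclass", "?")} "{rec.get("name", "?")}" labeled '
            f'{rec["target_type"]} (dev={rec.get("dev", "?")}, ino={rec.get("ino", "?")})')

def summarize(lines):
    """Group denials by (source type, target type, class) -> sorted permissions."""
    groups = defaultdict(set)
    for rec in filter(None, map(parse_avc, lines)):
        if rec["result"] == "denied":
            groups[(rec["source_type"], rec["target_type"], rec.get("tclass", "?"))].update(rec["perms"])
    return {k: sorted(v) for k, v in groups.items()}

if __name__ == "__main__":
    for line in SAMPLE_DENIALS:
        print(explain(parse_avc(line)))
    print(summarize(SAMPLE_DENIALS))
```

The decoded records show the source domain is mysqld_t in both cases, while the targets differ in label, object class and device (var_lib_t lnk_file on dm-0, then home_root_t dir on dm-1).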



