[CentOS] SELinux and daemons - clever way to change default locations?

Florin Andrei

florin at andrei.myip.org
Fri Apr 20 22:03:07 UTC 2007


I'm sure you've seen this before:

You need to slightly tweak the default installation of a major daemon - 
let's say you're running a big MySQL database and you need to put it on 
a different filesystem, mounted (for example) as /db.
So you move /var/lib/mysql to /db/mysql (and preserve all the file 
attributes, including SELinux), change /etc/my.cnf accordingly, start 
mysqld - and it doesn't work.
It turns out you need to tweak SELinux - test the daemon, run 
audit2allow on the audit log, tweak the policy, test again, repeat until 
it works.

I did this many times, but it strikes me as an inefficient process. 
Sure, you only do it once per install, but still.

I wish there was a simple way to tell SELinux "I moved the MySQL datadir 
(or the Squid cache dir, or the Cyrus-IMAPd spool) to this new location, 
but everything else stays the same, please stop bugging me."

Any ideas?

-- 
Florin Andrei

http://florin.myip.org/
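
An added example, not part of the original post: on releases whose `semanage` supports path equivalence (`-e`), the relocation described above can be declared once to the file-context database instead of being worked out through repeated audit2allow passes. The function names and the `DRY_RUN` switch are hypothetical; the paths are the ones from the post.

```shell
#!/bin/sh
# Added example: label a relocated daemon data directory like its default one.
# DRY_RUN (hypothetical switch, default 1) prints the commands instead of
# running them, so the script can be reviewed on a host without SELinux tools.

run() {
    if [ "${DRY_RUN:-1}" = 1 ]; then echo "$*"; else "$@"; fi
}

# relocate_label OLD NEW
#   OLD: location the shipped policy already labels (e.g. /var/lib/mysql)
#   NEW: where the data now lives (e.g. /db/mysql)
relocate_label() {
    old=${1%/} new=${2%/}          # drop one trailing slash; "/" becomes empty
    case "$old" in
        /?*) ;;
        *) echo "old path must be absolute and not /: $1" >&2; return 2 ;;
    esac
    case "$new" in
        /?*) ;;
        *) echo "new path must be absolute and not /: $2" >&2; return 2 ;;
    esac
    [ "$old" != "$new" ] || { echo "paths are identical" >&2; return 2; }

    # 1. Record that NEW takes the same file contexts as OLD.
    run semanage fcontext -a -e "$old" "$new" || return 1
    # 2. Apply the resulting labels to the files already on disk.
    run restorecon -R -v "$new" || return 1
    # 3. Show the context the policy now expects for both paths.
    run matchpathcon "$old" "$new"
}

# Dry run with the paths from the post.
relocate_label /var/lib/mysql /db/mysql
```

Because the rule lives in the file-context database, a later relabel of the filesystem keeps the new location labeled correctly, and no extra allow rules are added to the daemon's domain.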


