Hi,
Today I have updated a CentOS 6.8 system that has MariaDB-server installed from http://yum.mariadb.org/5.5/centos6-amd64 and found that I had an SELinux issue. I know this is not really CentOS related, but thought I would check if anyone else on this list uses this repository and has also seen a problem ?
Using the information at https://wiki.centos.org/HowTos/SELinux I have created a local policy that seems to fix things
module marialocal 1.0;
require { type mysqld_safe_t; class capability { setuid setgid }; }
#============= mysqld_safe_t ==============
allow mysqld_safe_t self:capability setgid; allow mysqld_safe_t self:capability setuid;
My own research suggests this is reasonably safe, but does anyone see a reason why this shouldn't be used ?
It may be useful to know that the particular rpms are MariaDB-server-5.5.54-1.el6.x86_64 and selinux-policy-3.7.19-292.el6_8.2.noarch.
Thanks for any feedback, and Happy New Year :)
On 01/04/2017 01:46 PM, Clint Dilks wrote:
My own research suggests this is reasonably safe, but does anyone see a reason why this shouldn't be used ?
Not really, but if you start this with systemd, using the service file Red Hat distributes, then it isn't necessary because systemd will have already switched uid/gid to launch mysqld.
On Thu, Jan 5, 2017 at 4:01 PM, Gordon Messmer gordon.messmer@gmail.com wrote:
On 01/04/2017 01:46 PM, Clint Dilks wrote:
My own research suggests this is reasonably safe, but does anyone see a reason why this shouldn't be used ?
Not really, but if you start this with systemd, using the service file Red Hat distributes, then it isn't necessary because systemd will have already switched uid/gid to launch mysqld.
Thanks for the response, but as this is CentOS 6 systemd isn't a factor :)
-
Clint Dilks -
Clint Dilks -
Gordon Messmer