[CentOS] Moving Mysql data directory denied by selinux?

Tue Oct 10 14:40:50 UTC 2006
John Allen <john.allen at dublinux.net>

Peter Kiem wrote:
> Hi Jim,
>> > Now normally I just move /var/lib/mysql to /home/mysql and symlink
>> > it.
>>  Um... why? This seems like it would be more trouble than it's worth.
>>  and with the symlink, I don't see the benefit.
> The reason I move it is because I usually make my systems with a 
> 'small' / partition (say 10GB) and a large /home partition.
Thats the reason for a /var partition. I always have a huge var (400+G), 
and a small home (40G)

All my samba shares (usually just /var/ftp/pub) go in /var
> It is very easy to have large MySQL databases sitting in the default 
> location then use up all space on the / partition which causes all 
> sorts of havoc.
> By moving it off to the /home partition it is moved to where the 
> majority of the space is available and away from system data.  MySQL 
> databases are user data and should be in the user area.
> The symlink allows you then to just start MySQL without changing any 
> of the config files and anything else that expects it to be in 
> /var/lib/mysql can still find it.
>>  This is really how you should move the data directory anyway. Faking
>>  it as you were doing works, but it's not 'proper'.
> Symlinks were created for this very reason.
>> > WHY is mysqld trying to read / when I told it to use /home/mysql ?
>>  Because you have to get to / before you can get to /home/ and
>>  /home/mysql.. Directory traversal vulnerabilities are quite
>>  commonplace, which is why you see all the
>>  $DOCUMENT_ROOT/../../../etc/somedir/ type attempts in logs
>>  occasionally for things like apache.
> Well doesn't it have to traverse / to get to the default location of 
> /var/lib/mysql anyway?
> I can see where it may not have permission for /home but surely 
> everything can start at / ?