[CentOS] Unable to apply mysqld_db_t to mysql directory

Mon Oct 23 16:26:04 UTC 2017
Bernard Fay <bernard.fay at gmail.com>

Interesting to see the Equivalence. As a first thing, I tried:

semanage fcontext -a -e /var/lib/mysql.old /var/lib/mysql
then
restorecon -R /var/lib/mysql


# semanage fcontext -lC
SELinux fcontext                                   type               Context

/home/users(/.*)?                                  all files          system_u:object_r:user_home_dir_t:s0
/var/lib/mysql                                     all files          system_u:object_r:mysqld_db_t:s0
/var/lib/mysql(/.*)?                               all files          system_u:object_r:mysqld_db_t:s0

SELinux Local fcontext Equivalence

./mysql = ./mysql.old
/var/lib/mysql = /var/lib/mysql.old
mysql = ./mysql.old




On Mon, Oct 23, 2017 at 10:27 AM, James Hogarth <james.hogarth at gmail.com>
wrote:

> On 23 October 2017 at 13:33, Bernard Fay <bernard.fay at gmail.com> wrote:
> > Hello,
> >
> > A server was configured in /var/lib/mysql in the root fs.  I added a LV
> > specifically for mysql.  I stopped mysql and renamed /var/lib/mysql to
> > /var/lib/mysql.old.  I created a new dir /var/lib/mysql and mounted the LV
> > on /var/lib/mysql.  I then copied with "cp -prZ" all mysql files in
> > /var/lib/mysql.old to /var/lib/mysql.
> >
> > But then I got a selinux problem:
> > # ls -ldZ mysql.old/ mysql
> > drwxr-xr-x. mysql mysql system_u:object_r:var_lib_t:s0   mysql
> > drwxr-xr-x. mysql mysql system_u:object_r:mysqld_db_t:s0 mysql.old/
> >
> > I tried to change the context on mysql with the following commands:
> >
> > # semanage fcontext -a -t mysqld_db_t "/var/lib/mysql(/.*)?"
> > # restorecon -R -v /var/lib/mysql
> >
> > But the /var/lib/mysql directory didn't take the change as you can see
> > below:
> > # ls -ldZ mysql.old/ mysql
> > drwxr-xr-x. mysql mysql system_u:object_r:var_lib_t:s0   mysql
> > drwxr-xr-x. mysql mysql system_u:object_r:mysqld_db_t:s0 mysql.old/
> >
> >
> > How can I fix the wrong context on mysql directory?
> > Thanks,
> >
>
> /var/lib/mysql is already in default policy - no need to add anything there
>
> can you please provide the output of 'semanage fcontext -lC' so that
> we can see any local selinux modifications made?
>
> From base policy with nothing added, for that directory, you *should*
> be able to just restorecon -Rv /var/lib/mysql and have the correct
> labelling.
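An added example, not part of the original thread: Python code that parses the `semanage fcontext -lC` listing from the message above and checks which local rule, if any, a path would match once the local equivalences are applied. The function names are hypothetical, and the lookup is an assumed, simplified model (alias prefix rewritten to the original path, then a full regex match against the local rules only); the base policy is not consulted.

```python
import re

# Constructed from the listing in the message above, e-mail line wrapping undone.
LISTING = """\
SELinux fcontext                                   type               Context

/home/users(/.*)?                                  all files          system_u:object_r:user_home_dir_t:s0
/var/lib/mysql                                     all files          system_u:object_r:mysqld_db_t:s0
/var/lib/mysql(/.*)?                               all files          system_u:object_r:mysqld_db_t:s0

SELinux Local fcontext Equivalence

./mysql = ./mysql.old
/var/lib/mysql = /var/lib/mysql.old
mysql = ./mysql.old
"""

def parse_listing(text):
    """Return (rules, equivalences) from `semanage fcontext -lC` output."""
    rules, equivs, in_equiv = [], [], False
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("SELinux fcontext"):
            continue  # blank line or column header
        if line.startswith("SELinux Local fcontext Equivalence"):
            in_equiv = True
        elif in_equiv:
            alias, _, original = line.partition(" = ")
            equivs.append((alias, original))
        else:
            # Columns are separated by runs of spaces; "all files" has only one.
            rules.append(tuple(re.split(r"\s{2,}", line)))
    return rules, equivs

def lookup_path(path, equivs):
    """Assumed model: the alias prefix is rewritten to the original before matching."""
    for alias, original in equivs:
        if alias.startswith("/") and (path == alias or path.startswith(alias + "/")):
            return original + path[len(alias):]
    return path

def local_context(path, rules, equivs):
    """Context from the local rules only, or None when none of them matches."""
    target = lookup_path(path, equivs)
    matches = [ctx for spec, _, ctx in rules if re.fullmatch(spec, target)]
    return matches[-1] if matches else None  # simplification: last match wins

def relative_equivalences(equivs):
    """Entries whose alias is not an absolute path; in this model they never apply."""
    return [(a, o) for a, o in equivs if not a.startswith("/")]
```

In this model, `/var/lib/mysql` is looked up as `/var/lib/mysql.old` while the equivalence is listed, so neither local `mysqld_db_t` rule matches it; with the equivalences left out, the local rule applies.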