selinux problem with httpd and mysql

Ankush Grover ankush174 at gmail.com
Fri Jul 8 05:04:16 UTC 2005


On 7/7/05, Daniel J Walsh <dwalsh at redhat.com> wrote:
> Ankush Grover wrote:
> 
> >>Did you do the relabel after booting with selinux=0, as suggested by
> >>Daniel Walsh?
> >>
> >># touch /.autorelabel
> >># reboot
> >>

I did /.autorelabel and then rebooted the machine, but nothing changed
after the reboot.


> Which policy are you running?  This looks like you are running an old one.

I have downloaded the latest policy
selinux-policy-targeted-1.17.30-3.16.noarch.rpm
policycoreutils-1.18.1-2.12.i386.rpm
selinux-policy-targeted-sources-1.17.30-3.16.noarch.rpm
checkpolicy-1.17.5-1.2.i386.rpm 

and then ran this command at the command prompt:


make -C /etc/selinux/targeted/src/policy reload

After that I ran restorecon -R /var/lib/mysql.

Then I checked the contexts of mysql:

drwx------  mysql    mysql    system_u:object_r:mysqld_db_t    caredb
-rw-rw----  mysql    mysql    system_u:object_r:mysqld_db_t    ibdata1
-rw-rw----  mysql    mysql    system_u:object_r:mysqld_db_t    ib_logfile0
-rw-rw----  mysql    mysql    system_u:object_r:mysqld_db_t    ib_logfile1
drwx--x--x  mysql    root     system_u:object_r:mysqld_db_t    mysql
srwxrwxrwx  mysql    mysql    system_u:object_r:mysqld_var_run_t mysql.sock
drwxr-xr-x  mysql    root     system_u:object_r:mysqld_db_t    test
-rw-rw----  mysql    mysql    system_u:object_r:mysqld_db_t    work.delhi.net.pid

I think the contexts are right for mysql now.

But still the application is not running and in the logs 

Jul  8 10:22:46 work kernel: audit(1120798366.929:0): avc:  denied  { connectto } for  pid=3692 exe=/usr/sbin/httpd path=/var/lib/mysql/mysql.sock scontext=root:system_r:httpd_t tcontext=root:system_r:unconfined_t tclass=unix_stream_socket

What next step should we take?


Thanks & Regards

Ankush Grover
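
Added example, not part of the original message: a small parser for the AVC record quoted above, splitting it into the fields used for triage. For a unix_stream_socket connectto check the tcontext is the label of the listening process, not the file label on mysql.sock; the expected domain name mysqld_t and the helper names are assumptions of this example.

```python
import re

# Record copied from the message above, mail line-wrapping left in place.
SAMPLE = """Jul  8 10:22:46 work kernel: audit(1120798366.929:0): avc:  denied  {
connectto } for  pid=3692 exe=/usr/sbin/httpd
path=/var/lib/mysql/mysql.sock scontext=root:system_r:httpd_t
tcontext=root:system_r:unconfined_t tclass=unix_stream_socket"""

AVC_RE = re.compile(
    r"avc:\s+(?P<result>denied|granted)\s+\{\s*(?P<perms>[^}]*?)\s*\}"
    r"\s+for\s+(?P<rest>.*)"
)
KV_RE = re.compile(r"(\w+)=(\S+)")


def parse_avc(record):
    """Parse one AVC record (possibly wrapped across lines) into a dict.

    Returns None if the text contains no AVC message.
    """
    flat = " ".join(record.split())  # undo mail/syslog line wrapping
    m = AVC_RE.search(flat)
    if m is None:
        return None
    fields = dict(KV_RE.findall(m.group("rest")))
    fields["result"] = m.group("result")
    fields["perms"] = m.group("perms").split()
    for key in ("scontext", "tcontext"):
        parts = fields.get(key, "").split(":")
        if len(parts) >= 3:  # user:role:type
            fields[key + "_type"] = parts[2]
    return fields


def peer_domain_mismatch(fields, expected_type):
    """True when a unix_stream_socket connectto was checked against a peer
    process whose domain is not the one the daemon is expected to run in."""
    return (
        fields.get("tclass") == "unix_stream_socket"
        and "connectto" in fields["perms"]
        and fields.get("tcontext_type") != expected_type
    )


if __name__ == "__main__":
    avc = parse_avc(SAMPLE)
    print(avc["scontext_type"], "->", avc["tcontext_type"], avc["tclass"], avc["perms"])
    print("peer not in mysqld_t:", peer_domain_mismatch(avc, "mysqld_t"))
```
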



