Mysql Alert

Manuel Wolfshant wolfy at nobugconsulting.ro
Fri Jan 8 11:45:33 UTC 2010 

tony at specialistdevelopment.com wrote:
> Hi Guys,
>
> Sorry to keep emailing the group but im determined to crack selinux 
> and not just switch it off :)
>
> I have moved my mysql root to /db01/mysql and have sym linked 
> /var/lib/mysql to there as well just in case any apps still have mysql 
> hard coded to the original location.
Use mount --bind instead of symlink




>
> The alert im getting is this:
>
> Summary:
>
> SELinux is preventing /bin/bash "read" access on /var/lib/mysql.
>
> Detailed Description:
>
> SELinux denied access requested by mysqld_safe. It is not expected 
> that this
> access is required by mysqld_safe and this access may signal an intrusion
> attempt. It is also possible that the specific version or 
> configuration of the
> application is causing it to require additional access.
>
> Allowing Access:
>
> You can generate a local policy module to allow this access - see FAQ
> (http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Please file 
> a bug
> report.
>
> Additional Information:
>
> Source Context                unconfined_u:system_r:mysqld_safe_t:s0
> Target Context                system_u:object_r:mysqld_db_t:s0
> Target Objects                /var/lib/mysql [ lnk_file ]
> Source                        mysqld_safe
> Source Path                   /bin/bash
> Port                          <Unknown>
> Host                          vm-lin-wb01
> Source RPM Packages           bash-4.0.35-2.fc12
> Target RPM Packages           mysql-server-5.1.41-2.fc12
> Policy RPM                    selinux-policy-3.6.32-63.fc12
> Selinux Enabled               True
> Policy Type                   targeted
> Enforcing Mode                Enforcing
> Plugin Name                   catchall
> Host Name                     vm-lin-wb01
> Platform                      Linux vm-lin-wb01 
> 2.6.31.9-174.fc12.i686.PAE #1
>                               SMP Mon Dec 21 06:04:56 UTC 2009 i686 i686
> Alert Count                   1
> First Seen                    Fri Jan  8 10:06:33 2010
> Last Seen                     Fri Jan  8 10:06:33 2010
> Local ID                      f35cf4f8-9714-4d41-8f88-310f8cef5425
> Line Numbers
>
> Raw Audit Messages
>
> node=vm-lin-wb01 type=AVC msg=audit(1262945193.369:25): avc:  denied  
> { read } for  pid=1267 comm="mysqld_safe" name="mysql" dev=dm-2 
> ino=21498 scontext=unconfined_u:system_r:mysqld_safe_t:s0 
> tcontext=system_u:object_r:mysqld_db_t:s0 tclass=lnk_file
>
> node=vm-lin-wb01 type=SYSCALL msg=audit(1262945193.369:25): 
> arch=40000003 syscall=195 success=no exit=-13 a0=9e04f88 a1=bff7924c 
> a2=b5cff4 a3=9e04f88 items=0 ppid=1227 pid=1267 auid=501 uid=0 gid=0 
> euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=2 
> comm="mysqld_safe" exe="/bin/bash" 
> subj=unconfined_u:system_r:mysqld_safe_t:s0 key=(null)
>
> All the contexts look correct to me, but have i missed something? 
> would be grateful if anyone could point me in the right direction.
>
> Thanks in advance :)
>
> -- 
> fedora-selinux-list mailing list
> fedora-selinux-list at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-selinux-list


-- 
     Manuel Wolfshant       linux registered user #131416
        IT manager    NoBug Consulting SRL
  A: Yes.
  >Q: Are you sure?
  >>A: Because it reverses the logical flow of conversation.
  >>>Q: Why is top posting frowned upon?

More information about the fedora-selinux-list mailing list