Bug 159951 - Failure to start MySQL due to SELinux (socket issue)
Summary: Failure to start MySQL due to SELinux (socket issue)
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Fedora
Classification: Fedora
Component: mysql
Version: 3
Hardware: All
OS: Linux
medium
high
Target Milestone: ---
Assignee: Tom Lane
QA Contact: David Lawrence
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2005-06-09 16:30 UTC by Ignacio Vazquez-Abrams
Modified: 2013-07-03 03:06 UTC (History)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2005-07-20 15:19:00 UTC


Description Ignacio Vazquez-Abrams 2005-06-09 16:30:37 UTC
mysql-server-(none):3.23.58-16.FC3.1.i386
selinux-policy-targeted-(none):1.17.30-2.96.noarch

When trying to start MySQL the following message appears in the system log:

Jun  9 12:22:49 ignacio kernel: audit(1118334169.246:0): avc:  denied  { create } for  pid=24881 exe=/usr/libexec/mysqld scontext=root:system_r:mysqld_t tcontext=root:system_r:mysqld_t tclass=netlink_route_socket

When enforcing is turned off the following messages appear:

Jun  9 12:24:52 ignacio kernel: audit(1118334292.059:0): avc:  denied  { create } for  pid=24998 exe=/usr/libexec/mysqld scontext=root:system_r:mysqld_t tcontext=root:system_r:mysqld_t tclass=netlink_route_socket
Jun  9 12:24:52 ignacio kernel: audit(1118334292.059:0): avc:  denied  { bind } for  pid=24998 exe=/usr/libexec/mysqld scontext=root:system_r:mysqld_t tcontext=root:system_r:mysqld_t tclass=netlink_route_socket
Jun  9 12:24:52 ignacio kernel: audit(1118334292.059:0): avc:  denied  { getattr } for  pid=24998 exe=/usr/libexec/mysqld scontext=root:system_r:mysqld_t tcontext=root:system_r:mysqld_t tclass=netlink_route_socket
Jun  9 12:24:52 ignacio kernel: audit(1118334292.059:0): avc:  denied  { write } for  pid=24998 exe=/usr/libexec/mysqld scontext=root:system_r:mysqld_t tcontext=root:system_r:mysqld_t tclass=netlink_route_socket
Jun  9 12:24:52 ignacio kernel: audit(1118334292.059:0): avc:  denied  { nlmsg_read } for  pid=24998 exe=/usr/libexec/mysqld scontext=root:system_r:mysqld_t tcontext=root:system_r:mysqld_t tclass=netlink_route_socket
Jun  9 12:24:52 ignacio kernel: audit(1118334292.060:0): avc:  denied  { read } for  pid=24998 exe=/usr/libexec/mysqld scontext=root:system_r:mysqld_t tcontext=root:system_r:mysqld_t tclass=netlink_route_socket

and then it fails to start due to a timeout error.

A 'fixfiles restore' failed to fix this.
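
Added example (not part of the original report, and not code from the policy or mysql packages): a small parser that re-joins syslog-wrapped AVC denials like the ones above and groups the denied permissions by source type, target type and object class, so the full set a domain is missing can be reviewed as one audit2allow-style rule. The function names and the last sample line are constructed for illustration.

```python
import re
from collections import defaultdict

# Three denials copied from the report above, still wrapped as pasted,
# followed by one constructed non-AVC line that must be ignored.
SAMPLE = """\
Jun  9 12:24:52 ignacio kernel: audit(1118334292.059:0): avc:  denied  { create
} for  pid=24998 exe=/usr/libexec/mysqld scontext=root:system_r:mysqld_t
tcontext=root:system_r:mysqld_t tclass=netlink_route_socket
Jun  9 12:24:52 ignacio kernel: audit(1118334292.059:0): avc:  denied  { bind }
for  pid=24998 exe=/usr/libexec/mysqld scontext=root:system_r:mysqld_t
tcontext=root:system_r:mysqld_t tclass=netlink_route_socket
Jun  9 12:24:52 ignacio kernel: audit(1118334292.059:0): avc:  denied  {
nlmsg_read } for  pid=24998 exe=/usr/libexec/mysqld
scontext=root:system_r:mysqld_t tcontext=root:system_r:mysqld_t
tclass=netlink_route_socket
Jun  9 12:24:53 ignacio example: constructed line with no AVC record
"""

STAMP = re.compile(r"^[A-Z][a-z]{2}\s+\d{1,2}\s+\d\d:\d\d:\d\d\s")
AVC = re.compile(r"avc:\s+denied\s+\{([^}]*)\}\s+for\s+(.*)")

def unwrap(text):
    """Re-join wrapped records: a new record starts at a syslog timestamp."""
    records = []
    for line in text.splitlines():
        if STAMP.match(line) or not records:
            records.append(line.strip())
        else:
            records[-1] += " " + line.strip()
    return records

def summarize(text):
    """Map (source type, target type or 'self', class) -> sorted permissions."""
    grouped = defaultdict(set)
    for record in unwrap(text):
        m = AVC.search(record)
        if not m:
            continue  # not an AVC denial
        fields = dict(t.split("=", 1) for t in m.group(2).split() if "=" in t)
        if not {"scontext", "tcontext", "tclass"} <= fields.keys():
            continue  # truncated record, skip rather than guess
        # A context is user:role:type[:level]; the type is the third field.
        src = fields["scontext"].split(":")[2]
        tgt = fields["tcontext"].split(":")[2]
        key = (src, "self" if src == tgt else tgt, fields["tclass"])
        grouped[key].update(m.group(1).split())
    return {k: sorted(v) for k, v in grouped.items()}

def as_rules(summary):
    """Render the summary in allow-rule syntax for review."""
    return [f"allow {s} {t}:{c} {{ {' '.join(p)} }};"
            for (s, t, c), p in sorted(summary.items())]
```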

Comment 1 Tom Lane 2005-06-09 17:01:37 UTC
Dan, would you look at this?  It looks to me like a policy error (i.e.,
disallowing networking access to mysqld) rather than a bug in mysql.

Comment 2 Daniel Walsh 2005-07-20 15:19:00 UTC
Could you update to the latest policy available for FC3?

selinux-policy-targeted-1.17.30-3.19.noarch.rpm

It should be fixed there.
