Note: This is a beta release of Red Hat Bugzilla 5.0. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Also email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback here.
Bug 1694679 - SELinux blocks working in /tmp directory for wsrep_recover_position function
Summary: SELinux blocks working in /tmp directory for wsrep_recover_position function
Status: POST
Alias: None
Product: Red Hat Software Collections
Classification: Red Hat
Component: mariadb
Version: rh-mariadb102
Hardware: Unspecified
OS: Unspecified
Target Milestone: alpha
: 3.3
Assignee: Michal Schorm
QA Contact: qe-baseos-daemons
Depends On:
TreeView+ depends on / blocked
Reported: 2019-04-01 11:38 UTC by Michal Schorm
Modified: 2019-04-08 12:22 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Last Closed:
Target Upstream Version:

Attachments (Terms of Use)

Comment 2 Michal Schorm 2019-04-02 15:19:38 UTC
The issue emerged by following fix in 10.2.10:

Comment 3 Michal Schorm 2019-04-03 00:10:03 UTC
The behaviour is correct and expected.
We need to fix the script that want to do stuff in /tmp, instead of the SELinux rules.

We already fixed this in RHSCL MariaDB 10.1 collection, so this is a regression.

The issue is reproducible only on RHEL6, since we don't execuse mysqld_safe with systemd service, as we do it in sysVinit.
No later software collections are hit, since MariaDB 10.3 collection isn't shipped on RHEL6.


For more info look at the fix in 10.1 collection:


Upstream changed location of the temporary file in the wsrep_recover_position function, which causes issues on RHEL-6, because mysqld_safe is not expected to play with files in /tmp, and SELinux started to complain.

Changing the location of the temporary files to the datadir means practically reverting part of the upstream commit

Upstream issue:

Comment 4 Michal Schorm 2019-04-08 12:22:39 UTC
QA note:
  Can be tested by service starting on RHEL 6.

Note You need to log in before you can comment on or make changes to this bug.