[Commits] 6a72d15: MDEV-10767 /tmp/wsrep_recovery.${RANDOM} file created in unallowed SELinux context

sachin sachin.setiya at mariadb.com
Thu Aug 31 10:01:16 EEST 2017


revision-id: 6a72d154d6ec231eeff861496e4d07101ac41553 (mariadb-10.1.26-16-g6a72d15)
parent(s): dda40b930498b70bb5546f857b27744039a5649d
author: sachin
committer: sachin
timestamp: 2017-08-31 12:17:10 +0530
message:

MDEV-10767 /tmp/wsrep_recovery.${RANDOM} file created in unallowed SELinux context

Solution:- Allowed mysqld_t to open file with context initrc_tmp_t.

---
 support-files/policy/selinux/mariadb.te | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/support-files/policy/selinux/mariadb.te b/support-files/policy/selinux/mariadb.te
index 1d3de52..ae49a45 100644
--- a/support-files/policy/selinux/mariadb.te
+++ b/support-files/policy/selinux/mariadb.te
@@ -1,9 +1,16 @@
 module mariadb 1.0;
 
 require {
+        type mysqld_t;
         type mysqld_safe_t;
         class capability { setuid setgid };
+        class file { open };
+# Galera Requirements
+        type initrc_tmp_t;
 }
 
 #============= mysqld_safe_t ==============
 allow mysqld_safe_t self:capability { setuid setgid };
+
+#================ Galera ==================
+allow mysqld_t initrc_tmp_t:file{open};
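Review bot: The new `allow mysqld_t initrc_tmp_t:file{open};` rule applies to every file labelled initrc_tmp_t, not only the wsrep recovery file named in the commit title, so mysqld_t gains open access to any temp file carrying that shared label. A narrower option would be to create the recovery file under a directory already labelled for mysqld, or to give it a dedicated type, so the policy need not reference initrc_tmp_t at all. The rule also grants only `open`; unless another module already allows `append`, `write` or `getattr` on this type, further AVC denials seem likely once mysqld writes the recovery log, which is worth confirming against the audit log in enforcing mode. If the rule stays, a comment above it such as `# MDEV-10767: wsrep recovery log in /tmp carries initrc_tmp_t` would record why the access exists.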

