Robin Bowes wrote:

> Yeah, good ole SELinux. I can knock together a custom policy to make it
> work, but how to distribute that is a different issue.

Ok, I *think* I have a fix for the SELinux issue which can be
distributed in the RPM.

But, it would be preferable to have mysql-related stuff in its own
directory, i.e. /var/cache/squeezecenter/mysql - actually, I'd prefer
/var/lib/squeezecenter/mysql, but that's an FHS argument not SELinux! :)

Something like this will fix most things:

semanage fcontext -a -t mysqld_db_t "/var/cache/squeezecenter"

But it would be better to put the mysql stuff in its own directory and
use something like:

semanage fcontext -a -t mysqld_db_t "/var/cache/squeezecenter/mysql"

This sets the context permanently so it will be re-applied if restorecon
is run. It will also be necessary to set the contexts immediately using
chcon; something like this:

    chcon -t mysqld_db_t /var/cache/squeezecenter

(before squeezecenter is run)

This leaves one error - mysql is trying to bind to port 9092, which it
is not able to do with the default SELinux settings.

There are two possibilities to fix this:

1. Stop it trying to listen on port 9092. Does it need to do this?
Doesn't squeezecenter use the socket file to connect to the server? Can
we prevent it from binding to a tcp port?

2. It should be possible to use an "semanage ..." command to allow
mysqld to listen on port 9092 - I just don't know how to do it yet!

So, in summary, the RPM should do this:

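# Only touch labels when SELinux is actually enabled on the host
if selinuxenabled; then
   # Persistent rule, re-applied whenever restorecon runs
   semanage fcontext -a -t mysqld_db_t "/var/cache/squeezecenter"
   # Immediate relabel of the existing directory
   chcon -t mysqld_db_t /var/cache/squeezecenter
fi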

Plus, the tcp port binding needs sorting out - I'll work on that.

R.
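
The RPM steps summarised in this message, as an added shell example that is not part of the original post or of SqueezeCenter's packaging. The directory and port come from the message; the `(/.*)?` suffix, the use of `restorecon`, the `mysqld_port_t` port type, the `DRY_RUN` switch and the function names are assumptions of this sketch.

```shell
#!/bin/sh
# Added example, not SqueezeCenter's packaging. Directory and port are from the
# message above; "(/.*)?", restorecon and mysqld_port_t are assumptions.

DRY_RUN=${DRY_RUN:-1}   # 1 = only print the commands; 0 = execute them

# Echo the command in dry-run mode, otherwise execute it.
run() {
    if [ "$DRY_RUN" = 1 ]; then
        echo "$*"
    else
        "$@"
    fi
}

# Add a semanage record; fall back to modify if it already exists (upgrades).
semanage_set() {
    obj=$1
    shift
    run semanage "$obj" -a "$@" || run semanage "$obj" -m "$@"
}

# Accept only an absolute path of plain characters and a valid TCP port.
valid_args() {
    case $1 in
        /*) ;;
        *) return 1 ;;
    esac
    case $1 in
        *[!A-Za-z0-9/_.-]*) return 1 ;;
    esac
    case $2 in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$2" -ge 1 ] && [ "$2" -le 65535 ]
}

# Label the database directory and allow mysqld to bind the port.
selinux_setup() {
    dir=$1 port=$2
    valid_args "$dir" "$port" || { echo "invalid directory or port" >&2; return 2; }
    if [ "$DRY_RUN" != 1 ]; then
        # Real run: do nothing where SELinux is absent or disabled.
        command -v selinuxenabled >/dev/null 2>&1 && selinuxenabled || return 0
    fi
    # Persistent rule for the directory and everything below it.
    semanage_set fcontext -t mysqld_db_t "$dir(/.*)?" || return 1
    # Apply the stored rule to files that already exist.
    run restorecon -R "$dir" || return 1
    # Let mysqld bind the extra TCP port.
    semanage_set port -t mysqld_port_t -p tcp "$port"
}

selinux_setup /var/cache/squeezecenter 9092
```

With the default `DRY_RUN=1` the script only prints the three commands; setting `DRY_RUN=0` as root on an SELinux host runs them.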
