On Tue, 2007-08-21 at 09:31 +0200, [EMAIL PROTECTED] wrote:
> Hi.
> 
> When the MySQL server is launched, I get the following AVC denial
> 
> Aug  1 17:38:40 mv1 audit(1185982720.744:3): avc:  denied  { read }  
> for  pid=4663 comm="runscript.sh" name="my.cnf" dev=sda3 ino=620438  
> scontext=system_u:system_r:initrc_t  
> tcontext=system_u:object_r:mysqld_etc_t tclass=file
> 
> Obviously, audit2allow tells me to add the following authorization:
> allow initrc_t mysqld_etc_t:file read
> 
> I do not think that it generates any kind of weakness into the server  
> as only starting services have the initrc_t state and thus it may be  
> impossible (or at least difficult) to corrupt these services and then  
> tell them to access my.cnf when they start.

Yes, it's just the init script that is doing something that reads your
my.cnf.

> However, I do not find any similar error on the web.
> 
> Am I the only one who gets this AVC denial?

I guess the others that hit this just fixed it locally.  I'll take a
look at the Gentoo init script and fix it in the upstream policy as
needed.

-- 
Chris PeBenito
<[EMAIL PROTECTED]>
Developer,
Hardened Gentoo Linux
 
Public Key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xE6AF9243
Key fingerprint = B0E6 877A 883F A57A 8E6A  CB00 BC8E E42D E6AF 9243
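
How an AVC record like the one quoted in this thread maps onto the allow rule that was suggested, as an added example that is not part of the original messages and is not audit2allow's own code. The second log record is constructed, and the names `parse_avc` and `allow_rules` are hypothetical.

```python
import re
from collections import defaultdict

# Shared tail of both records, taken from the denial quoted in the message.
_TAIL = ('for  pid=4663 comm="runscript.sh" name="my.cnf" dev=sda3 ino=620438 '
         'scontext=system_u:system_r:initrc_t '
         'tcontext=system_u:object_r:mysqld_etc_t tclass=file\n')
# First record: the quoted denial on one line. Second record: constructed.
SAMPLE_LOG = (
    'Aug  1 17:38:40 mv1 audit(1185982720.744:3): avc:  denied  { read } ' + _TAIL
    + 'Aug  1 17:38:40 mv1 audit(1185982720.745:4): avc:  denied  { getattr } ' + _TAIL
)

AVC_RE = re.compile(r"avc:\s+denied\s+\{\s*([^}]*?)\s*\}\s+for\s+(.*)")
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_avc(line):
    """Return (source_type, target_type, tclass, perms) or None if malformed."""
    m = AVC_RE.search(line)
    if not m:
        return None
    perms = m.group(1).split()
    fields = dict(KV_RE.findall(m.group(2)))
    try:
        # A context is user:role:type[:mls-range]; the rule needs only the type.
        source = fields["scontext"].split(":")[2]
        target = fields["tcontext"].split(":")[2]
        tclass = fields["tclass"]
    except (KeyError, IndexError):
        return None  # truncated record: no rule can be derived from it
    return (source, target, tclass, perms) if perms else None

def allow_rules(log_text):
    """Merge denials per (source, target, class) and emit one rule for each."""
    merged = defaultdict(set)
    for line in log_text.splitlines():
        parsed = parse_avc(line)
        if parsed:
            merged[parsed[:3]].update(parsed[3])
    rules = []
    for (source, target, tclass), perms in sorted(merged.items()):
        names = sorted(perms)
        text = names[0] if len(names) == 1 else "{ " + " ".join(names) + " }"
        rules.append(f"allow {source} {target}:{tclass} {text};")
    return rules

if __name__ == "__main__":
    print("\n".join(allow_rules(SAMPLE_LOG)))
```

The emitted rule is keyed on types only, so it applies to every process running as initrc_t, which is the scope to weigh before loading it.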
