Hi, Sachin!

On Aug 31, sachin wrote:
> revision-id: 6a72d154d6ec231eeff861496e4d07101ac41553 (mariadb-10.1.26-16-g6a72d15)
> parent(s): dda40b930498b70bb5546f857b27744039a5649d
> author: sachin
> committer: sachin
> timestamp: 2017-08-31 12:17:10 +0530
> message:
> 
> MDEV-10767 /tmp/wsrep_recovery.${RANDOM} file created in unallowed SELinux context
> 
> Solution:- Allowed mysqld_t to open file with context initrc_tmp_t.

Why does the server need it?
I've only found scripts/galera_recovery.sh, that does:

log_file=$(mktemp /tmp/wsrep_recovery.XXXXXX)
/usr/sbin/mysqld $cmdline_args --user=$user --wsrep_recover --log-error="$log_file"

For that use case, I wouldn't bother with a new SELinux policy, it'd be
safer to do

log_file=$(mktemp /tmp/wsrep_recovery.XXXXXX)
/usr/sbin/mysqld $cmdline_args --user=$user --wsrep_recover --disable-log-error 2>"$log_file"

Note that a similar piece of code is used in mysqld_safe.sh, only
there it uses DATADIR/wsrep_recovery.XXXXXX, apparently somebody's
attempt to work around SELinux. Better to make it identical to
galera_recovery.sh, I'd say.

Regards,
Sergei
Chief Architect MariaDB
and [email protected]
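
In the second form quoted in the message above, the calling shell creates and opens the temp file, and the server only inherits an already-open stderr. The sketch below is an added example, not code from galera_recovery.sh or mysqld_safe.sh; `fake_server`, `run_with_captured_stderr` and the sample log lines are constructed stand-ins.

```shell
#!/bin/sh
# Added illustration; not taken from the MariaDB scripts.

# Hypothetical stand-in for "mysqld --wsrep_recover --disable-log-error".
# It is never given a log path and only writes to its inherited stderr.
fake_server() {
    echo "constructed sample: recovery started" >&2
    echo "constructed sample: recovered position 1234" >&2
}

# Run "$@" with stderr captured in a private temp file that this shell
# creates and opens. Prints the captured log on stdout and returns the
# command's exit status.
run_with_captured_stderr() {
    # mktemp creates the file atomically under an unpredictable name.
    log_file=$(mktemp /tmp/wsrep_recovery.XXXXXX) || return 1
    status=0
    # The redirection is set up by the shell before the command starts,
    # so the command itself never calls open() on the /tmp path.
    "$@" 2>"$log_file" || status=$?
    cat "$log_file"
    rm -f "$log_file"
    return "$status"
}
```

With `--log-error="$log_file"` the server process would open the path itself, which is the access the commit message under review proposes to allow.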
