Re: service mysql start on Red Hat Enterprise Linux ES release 4 (Nahant)

Mon, 02 Oct 2006 11:37:39 -0700 

On Mon, Oct 02, 2006 at 06:51:05AM -0600, C. Ed Felt wrote:
>    * If I just "reboot" the server, mysql does not start (though it is
>      set to start on boot):
>      tail /var/log/messages
>      Oct  2 07:25:42 mt11 kernel: audit(1159788342.728:0): avc: 
>      denied  { append } for  pid=4756 exe=/usr/sbin/mysqld
>      path=/var/lib/mysql/mt11.caflo.com.err dev=dm-3 ino=1687799
>      scontext=user_u:system_r:mysqld_t tcontext=root:object_r:var_lib_t
>      tclass=file
>      Oct  2 07:25:42 mt11 kernel: audit(1159788342.728:0): avc: 
>      denied  { append } for  pid=4756 exe=/usr/sbin/mysqld
>      path=/var/lib/mysql/mt11.caflo.com.err dev=dm-3 ino=1687799
>      scontext=user_u:system_r:mysqld_t tcontext=root:object_r:var_lib_t
>      tclass=file
>      Oct  2 07:25:42 mt11 kernel: audit(1159788342.735:0): avc: 
>      denied  { write } for  pid=4756 exe=/usr/sbin/mysqld name=mysql
>      dev=dm-3 ino=1687745 scontext=user_u:system_r:mysqld_t
>      tcontext=root:object_r:var_lib_t tclass=dir
>      Oct  2 07:25:42 mt11 kernel: audit(1159788342.766:0): avc: 
>      denied  { read write } for  pid=4756 exe=/usr/sbin/mysqld
>      name=ibdata1 dev=dm-3 ino=1687800
>      scontext=user_u:system_r:mysqld_t tcontext=root:object_r:var_lib_t
>      tclass=file
>      Oct  2 07:26:17 mt11 lsb_log_message:  failed

This really is not a complicated issue to resolve. Just pipe this
through ``audit2allow'' to get allow rules for this failure.

Mike
.___________________________________________________________________.
                         Michael A. Halcrow                          
       Security Software Engineer, IBM Linux Technology Center       
GnuPG Fingerprint: 419C 5B1E 948A FA73 A54C  20F5 DB40 8531 6DCA 8769

The world will end in 5 minutes.  Please log out.

Attachment: signature.asc
Description: Digital signature

/*
PLUG: http://plug.org, #utah on irc.freenode.net
Unsubscribe: http://plug.org/mailman/options/plug
Don't fear the penguin.
*/

Reply via email to