1berry/MariaDB-server
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

MDEV-27635: selinux: allow read of /proc/sys/kernel/core_pattern

Browse Source 
Prevent the error:

setroubleshoot[23678]: SELinux is preventing /usr/libexec/mysqld from read access on the file core_pattern.

Reading of the core pattern occurs on crash as added in MDEV-15051

RHEL-7.7

$  ls -laZ /proc/sys/kernel/core_pattern
-rw-r--r--. root root system_u:object_r:usermodehelper_t:s0 /proc/sys/kernel/core_pattern
This commit is contained in:
Daniel Black 2020-05-21 16:19:49 +10:00 committed by Daniel Black
parent 68b3fa8865
commit 8b3b73808d
1 changed files with 1 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
support-files/policy/selinux/mariadb-server.te
View File

@ -77,6 +77,7 @@ allow mysqld_t user_tmp_t:dir { write add_name };
allow mysqld_t user_tmp_t:file create;
allow mysqld_t bin_t:lnk_file read;
allow mysqld_t tmp_t:file { append create read write open getattr unlink setattr };
allow mysqld_t usermodehelper_t:file { read open };
# Allows too much leeway - the xtrabackup/wsrep rules in fc should fix it, but
# keep for the moment.