← Back to team overview

mylvmbackup-discuss team mailing list archive

Re: Support for SE Linux



On 03/20/2009 03:59 PM, Morgan Tocker wrote:

> The problem was that the security context of the innodb data file at
> the temporary recovery locatio) did not allow mysql to open it
> (permission denied).

Ah, I assume because we spawn /usr/sbin/mysqld and SE Linux restricts the
process in accessing files outsite of the default data directory.

> I would love to paste the error log, but it was on a customer's
> machine... and for the same reason that they cared enough to use SE
> Linux, I don't want to accidentally divulge any information that could
> be remotely useful ;)


> In the end the solution was to disable the InnoDB recovery step, but I
> am sure at some point in the future I will have to attack this problem
> again.

I guess you need to verify the rule set and either extend it to add an
exception so the process is allowed to read and write files on the temporary
snapshot mountpoint. Or you have to make sure that the temporary mount point
is in a part of the file system that SE Linux approves for mysqld to have
access to :)

 Lenz Grimmer <lenz@xxxxxxxxxxx>                             -o)
 [ICQ: 160767607 | Jabber: LenZGr@xxxxxxxxxx]                /\\
 http://www.lenzg.org/                                       V_V

Attachment: signature.asc
Description: OpenPGP digital signature