-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 01/14/2011 03:28 PM, Luciano Furtado wrote:
when I run audit2allow I get the following:
#============= mysqld_t ==============
allow mysqld_t bin_t:dir search;
allow mysqld_t bin_t:file { read execute };
allow mysqld_t bin_t:lnk_file read;
allow mysqld_t shell_exec_t:file { read execute getattr
execute_no_trans };
I would probably just allow the above. looks like it wants to run mysql
command which i guess is labelled bin_t.
corecmd_exec_bin(mysqld_t)
corecmd_exec_shell(mysqld_t)
should be suffice i believe
What's the proper fix here? I dont want to give the mysqld_t
permission
to execute arbitrary scripts. The only solution I have right now is to
relabel mysql_upgrade so it runs as unconfined, and that's not much of
a solution.
Best Regards.
Luciano
- --
selinux mailing list
selinux(a)lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/selinux
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.16 (GNU/Linux)
Comment: Using GnuPG with Fedora -
http://enigmail.mozdev.org/
iEYEARECAAYFAk0wXkkACgkQMlxVo39jgT/vqQCgs+I9ZbPKM8tfSRnh3Kybfm/4
3WoAnRFU5M7MH9wv1fclWmCGnV7cH2Xe
=iMIN
-----END PGP SIGNATURE-----