Commit 8b3b7380 authored by Daniel Black's avatar Daniel Black Committed by Daniel Black

MDEV-27635: selinux: allow read of /proc/sys/kernel/core_pattern

Prevent the error:

setroubleshoot[23678]: SELinux is preventing /usr/libexec/mysqld from read access on the file core_pattern.

Reading of the core pattern occurs on crash as added in MDEV-15051

RHEL-7.7

$  ls -laZ /proc/sys/kernel/core_pattern
-rw-r--r--. root root system_u:object_r:usermodehelper_t:s0 /proc/sys/kernel/core_pattern
parent 68b3fa88
...@@ -77,6 +77,7 @@ allow mysqld_t user_tmp_t:dir { write add_name }; ...@@ -77,6 +77,7 @@ allow mysqld_t user_tmp_t:dir { write add_name };
allow mysqld_t user_tmp_t:file create; allow mysqld_t user_tmp_t:file create;
allow mysqld_t bin_t:lnk_file read; allow mysqld_t bin_t:lnk_file read;
allow mysqld_t tmp_t:file { append create read write open getattr unlink setattr }; allow mysqld_t tmp_t:file { append create read write open getattr unlink setattr };
allow mysqld_t usermodehelper_t:file { read open };
# Allows too much leeway - the xtrabackup/wsrep rules in fc should fix it, but # Allows too much leeway - the xtrabackup/wsrep rules in fc should fix it, but
# keep for the moment. # keep for the moment.
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment