MySQL tmpdir on /dev/shm with SELinux

Posted by smorfnip on Server Fault
Published on 2009-11-05T16:27:01Z

On RHEL5, I have a small MySQL database that has to write temp files. To speed up this process, I would like to move the temporary directory to /dev/shm by putting the following line into my.cnf:

tmpdir=/dev/shm/mysqltmp

I can create /dev/shm/mysqltmp just fine and do

chown mysql:mysql /dev/shm/mysqltmp
chcon --reference /tmp/ /dev/shm/mysqltmp

I've tried to make SELinux happy by applying the same settings that are in effect for /tmp/ (and /var/tmp/), which is presumably where MySQL is writing its tmp files if tmpdir is undefined.

The problem is that SELinux complains about MySQL having access to that directory. I get the following in /var/log/messages:

SELinux is preventing mysqld (mysqld_t) "getattr" to /dev/shm (tmpfs_t).

SELinux is a hard mistress. Details:

Source Context                root:system_r:mysqld_t
Target Context                system_u:object_r:tmpfs_t
Target Objects                /dev/shm [ dir ]
Source                        mysqld
Source Path                   /usr/libexec/mysqld
Port                          <Unknown>
Host                          db.example.com
Source RPM Packages           mysql-server-5.0.77-3.el5
Target RPM Packages           
Policy RPM                    selinux-policy-2.4.6-255.el5_4.1
Selinux Enabled               True
Policy Type                   targeted
MLS Enabled                   True
Enforcing Mode                Enforcing
Plugin Name                   catchall_file
Host Name                     db.example.com
Platform                      Linux db.example.com 2.6.18-164.2.1.el5 #1 SMP
                              Mon Sep 21 04:37:42 EDT 2009 x86_64 x86_64
Alert Count                   46
First Seen                    Wed Nov  4 14:23:48 2009
Last Seen                     Thu Nov  5 09:46:00 2009
Local ID                      e746d880-18f6-43c1-b522-a8c0508a1775

ls -lZ /dev/shm shows

drwxrwxr-x  mysql mysql system_u:object_r:tmp_t          mysqltmp

and permissions for /dev/shm itself are

drwxrwxrwt  root root  system_u:object_r:tmpfs_t        shm

I've also tried

chcon -R -t mysqld_t /dev/shm/mysqltmp

and setting the group on /dev/shm to mysql with no better results. Shouldn't it be enough to tell SELinux, hey, this is a temp directory just like MySQL was using before?

Short of turning off SELinux, how do I make this work? Do I need to edit SELinux policy files?
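
Added example, not part of the original post: the alert quoted above names /dev/shm itself (tmpfs_t) as the denied object, not the relabelled /dev/shm/mysqltmp. The script below parses those alert fields and reports how the denied object relates to the configured tmpdir; the function names and the embedded sample are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample: the relevant lines of the setroubleshoot alert from the post.
ALERT='SELinux is preventing mysqld (mysqld_t) "getattr" to /dev/shm (tmpfs_t).
Source Context                root:system_r:mysqld_t
Target Context                system_u:object_r:tmpfs_t
Target Objects                /dev/shm [ dir ]'

# Hypothetical helper: read an alert on stdin and print
# "source_type target_type class permission object".
avc_tuple() {
    awk '
        /^SELinux is preventing/ {
            # The permission is the double-quoted word in the summary line.
            if (match($0, /"[a-z_]+"/)) perm = substr($0, RSTART + 1, RLENGTH - 2)
        }
        # The type is the third colon-separated field of a context.
        /^Source Context/ { split($3, a, ":"); src = a[3] }
        /^Target Context/ { split($3, a, ":"); tgt = a[3] }
        /^Target Objects/ { obj = $3; cls = $5 }
        END {
            if (src == "" || tgt == "" || obj == "" || perm == "") exit 1
            print src, tgt, cls, perm, obj
        }'
}

# Hypothetical helper: is the denied object ($1) the directory ($2) itself,
# one of its ancestors, or unrelated?
path_relation() {
    obj=${1%/}; dir=${2%/}
    case "$dir" in
        "$obj")   echo same ;;
        "$obj"/*) echo ancestor ;;
        *)        echo unrelated ;;
    esac
}

# $1 = tmpdir value from my.cnf; alert text on stdin.
diagnose() {
    tuple=$(avc_tuple) || { echo "unparsed"; return 1; }
    set -- "$1" $tuple    # $2=src $3=tgt $4=class $5=perm $6=object
    rel=$(path_relation "$6" "$1")
    echo "$rel: $2 denied $5 on $4 $6 ($3)"
}

printf '%s\n' "$ALERT" | diagnose /dev/shm/mysqltmp
```

A result of "ancestor" means the label on the tmpdir itself was never the object of this denial, so changing it with chcon cannot affect this particular alert.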
