SELinux and dedicated disks

Hi all,

one of my "lingering issues" since I am back working in Linuxland (especially CentOS):

I have the "habit" to have dedicated virtual disks (or similar) for data, e.g. /var/lib/mysql (so I can snapshot them separately, clone and move between VMs etc.)

But that makes SELinux unhappy. I was surprised, actually..

What do I have to add to the SELinux contexts to allow this to happen?

Regards
Peter

Before moving the data do an

    ls -aliZ /var/lib/ | grep -i mysql

and use the same security context accordingly once you move it to new server/partition using "chcon"

Regards
Majoosh

On Wed, Sep 23, 2015 at 11:53 AM, Peter Ross <petrosssit@gmail.com> wrote:
> Hi all,
> one of my "lingering issues" since I am back working in Linuxland (especially CentOS):
> I have the "habit" to have dedicated virtual disks (or similar) for data, e.g. /var/lib/mysql (so I can snapshot them separately, clone and move between VMs etc.)
> But that makes SELinux unhappy. I was surprised, actually..
> What do I have to add to the SELinux contexts to allow this to happen?
> Regards Peter
_______________________________________________ luv-main mailing list luv-main@luv.asn.au http://lists.luv.asn.au/listinfo/luv-main

Hi Majoosh,

thanks.

But I created an empty /var/lib/mysql partition before I wanted to install mysql.

With the result that I could not install mysql successfully.

I probably have to re-enact it again because I do not remember whether the install failed or the server did not start up. It was the latter, I think.

Regards
Peter

On Wed, Sep 23, 2015 at 12:12 PM, majoosh chacko <majoosh@gmail.com> wrote:
> Before moving the data do an ls -aliZ /var/lib/ | grep -i mysql and use the same security context accordingly once you move it to new server/partition using "chcon"
> Regards Majoosh
> On Wed, Sep 23, 2015 at 11:53 AM, Peter Ross <petrosssit@gmail.com> wrote:
> > Hi all,
> > one of my "lingering issues" since I am back working in Linuxland (especially CentOS):
> > I have the "habit" to have dedicated virtual disks (or similar) for data, e.g. /var/lib/mysql (so I can snapshot them separately, clone and move between VMs etc.)
> > But that makes SELinux unhappy. I was surprised, actually..
> > What do I have to add to the SELinux contexts to allow this to happen?
> > Regards Peter

On Wed, 23 Sep 2015 12:26:33 PM Peter Ross wrote:
> But I created an empty /var/lib/mysql partition before I wanted to install mysql.
> With the result that I could not install mysql successfully.

    restorecon -R -v /var/lib/mysql

> I probably have to re-enact it again because I do not remember whether the install failed or the server did not start up.

Having just /var/lib/mysql on a separate partition probably isn't the best idea, you can't make a backup of that without backing up the logs too so it's best to put them on the same filesystem.

For a system that has mysqld as an important part of the system functionality (which is most systems that have MySQL running) I create a subvol or filesystem named /mysql.

    semanage fcontext -a -t mysqld_db_t "/mysql(/.*)?"
    restorecon -R -v /mysql

The above commands will give you the correct labeling for /mysql.

--
My Main Blog http://etbe.coker.com.au/
My Documents Blog http://doc.coker.com.au/
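
The two fixes in this thread differ in whether the loaded policy already has a file-context rule for the path. The sketch below is an added example, not code from any poster, and picks between them. Its function names are hypothetical, its sample contexts are constructed, and the live check assumes only `stat -c %C` and `matchpathcon -n` on the host.

```shell
#!/bin/sh
# Added example: compare the SELinux type on a data directory with the
# wanted type and print the relabel commands from the thread if they differ.

# The type is the third colon-separated field of a context. The MLS level
# after it can contain colons itself (s0:c1,c2), so never take the last field.
context_type() {
    printf '%s\n' "$1" | cut -d: -f3
}

# File-context regex for a directory and everything below it,
# in the form used in the thread: /mysql(/.*)?
fcontext_pattern() {
    printf '%s(/.*)?\n' "${1%/}"
}

# plan_relabel PATH WANT_TYPE CURRENT_CONTEXT POLICY_CONTEXT
#   returns 0: label already correct, nothing printed
#   returns 1: policy already maps PATH to WANT_TYPE, restorecon is enough
#   returns 2: policy maps PATH to another type, add a local rule first
plan_relabel() {
    pr_path=${1%/}
    pr_want=$2
    [ "$(context_type "$3")" = "$pr_want" ] && return 0
    if [ "$(context_type "$4")" = "$pr_want" ]; then
        printf 'restorecon -R -v %s\n' "$pr_path"
        return 1
    fi
    printf 'semanage fcontext -a -t %s "%s"\n' "$pr_want" "$(fcontext_pattern "$pr_path")"
    printf 'restorecon -R -v %s\n' "$pr_path"
    return 2
}

# On a live SELinux host: label on disk (stat) versus the label the loaded
# policy expects (matchpathcon). Usage: check_data_dir /var/lib/mysql mysqld_db_t
check_data_dir() {
    plan_relabel "$1" "$2" "$(stat -c %C "$1")" "$(matchpathcon -n "$1")"
}

# Constructed contexts, not captured from a real host: a freshly created,
# still unlabeled filesystem mounted at each of the two paths in the thread.
plan_relabel /var/lib/mysql mysqld_db_t \
    system_u:object_r:unlabeled_t:s0 system_u:object_r:mysqld_db_t:s0 || :
plan_relabel /mysql mysqld_db_t \
    system_u:object_r:unlabeled_t:s0 system_u:object_r:default_t:s0 || :
```

A label applied only with chcon is not recorded in the file-context rules, so a later restorecon or full relabel resets it; that is why the plan for a custom path adds the semanage rule first.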
Participants (3): majoosh chacko, Peter Ross, Russell Coker