SELinux: problem changing the MySQL datadir
I'm trying to change the mysql datadir from /var/lib/mysql to /mnt/DataStorage/mysql/data, but I keep getting errors.
What should I do?
mysql error:
140526 9:11:30 [Note] /usr/libexec/mysqld: Shutdown complete
140526 09:11:30 mysqld_safe mysqld from pid file /var/run/mysqld/mysqld.pid ended
audit.log:
type=SYSCALL msg=audit(1401063090.125:32): arch=c000003e syscall=6 success=no exit=-13 a0=7fff68d97670 a1=7fff68d975a0 a2=7fff68d975a0 a3=ffffffffffffff0b items=0 ppid=3897 pid=4002 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 ses=1 tty=pts0 comm="mysqld" exe="/usr/libexec/mysqld" subj=unconfined_u:system_r:mysqld_t:s0 key=(null)
type=AVC msg=audit(1401063090.127:33): avc: denied { search } for pid=4002 comm="mysqld" name="/" dev="sdb1" ino=2 scontext=unconfined_u:system_r:mysqld_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=dir
type=SYSCALL msg=audit(1401063090.127:33): arch=c000003e syscall=87 success=no exit=-13 a0=7fff68d984b0 a1=0 a2=0 a3=fffffffffffffffd items=0 ppid=3897 pid=4002 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 ses=1 tty=pts0 comm="mysqld" exe="/usr/libexec/mysqld" subj=unconfined_u:system_r:mysqld_t:s0 key=(null)
type=AVC msg=audit(1401063090.127:34): avc: denied { search } for pid=4002 comm="mysqld" name="/" dev="sdb1" ino=2 scontext=unconfined_u:system_r:mysqld_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=dir
type=SYSCALL msg=audit(1401063090.127:34): arch=c000003e syscall=2 success=no exit=-13 a0=7fff68d986b0 a1=42 a2=1b6 a3=fffffffffffffffd items=0 ppid=3897 pid=4002 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 ses=1 tty=pts0 comm="mysqld" exe="/usr/libexec/mysqld" subj=unconfined_u:system_r:mysqld_t:s0 key=(null)
type=AVC msg=audit(1401063090.127:35): avc: denied { search } for pid=4002 comm="mysqld" name="/" dev="sdb1" ino=2 scontext=unconfined_u:system_r:mysqld_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=dir
type=SYSCALL msg=audit(1401063090.127:35): arch=c000003e syscall=87 success=no exit=-13 a0=7fff68d984b0 a1=0 a2=0 a3=fffffffffffffffd items=0 ppid=3897 pid=4002 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 ses=1 tty=pts0 comm="mysqld" exe="/usr/libexec/mysqld" subj=unconfined_u:system_r:mysqld_t:s0 key=(null)
type=AVC msg=audit(1401063090.127:36): avc: denied { search } for pid=4002 comm="mysqld" name="/" dev="sdb1" ino=2 scontext=unconfined_u:system_r:mysqld_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=dir
type=SYSCALL msg=audit(1401063090.127:36): arch=c000003e syscall=2 success=no exit=-13 a0=7fff68d986b0 a1=42 a2=1b6 a3=fffffffffffffffd items=0 ppid=3897 pid=4002 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 ses=1 tty=pts0 comm="mysqld" exe="/usr/libexec/mysqld" subj=unconfined_u:system_r:mysqld_t:s0 key=(null)
type=AVC msg=audit(1401063090.127:37): avc: denied { search } for pid=4002 comm="mysqld" name="/" dev="sdb1" ino=2 scontext=unconfined_u:system_r:mysqld_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=dir
type=SYSCALL msg=audit(1401063090.127:37): arch=c000003e syscall=80 success=no exit=-13 a0=d3d900 a1=10 a2=1000 a3=8 items=0 ppid=3897 pid=4002 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 ses=1 tty=pts0 comm="mysqld" exe="/usr/libexec/mysqld" subj=unconfined_u:system_r:mysqld_t:s0 key=(null)
type=DAEMON_END msg=audit(1401063102.955:5065): auditd normal halt, sending auid=500 pid=4078 subj=unconfined_u:system_r:initrc_t:s0 res=success
ls -alZ /mnt/DataStorage/mysql
ls -alZ /mnt/DataStorage/mysql/data
/etc/selinux/targeted/contexts/files/file_contexts.local
/mnt/DataStorage/mysql system_u:object_r:mysqld_db_t:s0
/mnt/DataStorage/mysql/data(/.*)? system_u:object_r:mysqld_db_t:s0
Running sealert -a audit.log makes the SELinux-related errors easier to read. That may make it a bit easier to figure out why it isn't working...
The audit2allow command translates avc messages into SELinux policy rules. Using it to build a local policy module would also be one approach. http://docs.fedoraproject.org/en-US/Fedora/13/html/SELinux_FAQ/#id2961385
----
academic is the name of the club I was in during high school.
academic, once in a great while I wish I were like that too.
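Added example, not part of the thread: a small Python parser that collapses the repeated AVC records from the audit.log above into unique denials, shows the allow rule each one corresponds to (roughly what audit2allow would derive), and flags targets typed file_t, the type files carry when they have no SELinux label. The function names and the UNLABELED set are assumptions of this example; the sample lines are copied from the question.

```python
import re
from collections import Counter

# Sample input: two AVC records copied from the question's audit.log.
SAMPLE = '''\
type=AVC msg=audit(1401063090.127:33): avc: denied { search } for pid=4002 comm="mysqld" name="/" dev="sdb1" ino=2 scontext=unconfined_u:system_r:mysqld_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=dir
type=AVC msg=audit(1401063090.127:34): avc: denied { search } for pid=4002 comm="mysqld" name="/" dev="sdb1" ino=2 scontext=unconfined_u:system_r:mysqld_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=dir
type=DAEMON_END msg=audit(1401063102.955:5065): auditd normal halt, sending auid=500 pid=4078 subj=unconfined_u:system_r:initrc_t:s0 res=success
'''

AVC_RE = re.compile(r'type=AVC .*?avc:\s+denied\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<rest>.*)')
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')
# Types that mean "this object has no label" (assumption: targeted policy naming).
UNLABELED = {"file_t", "unlabeled_t"}

def parse_avc(line):
    """Return the fields of one AVC denial, or None for any other record."""
    m = AVC_RE.search(line)
    if not m:
        return None
    f = {k: v.strip('"') for k, v in KV_RE.findall(m.group("rest"))}
    if not {"scontext", "tcontext", "tclass"} <= f.keys():
        return None
    f["perms"] = tuple(m.group("perms").split())
    # A context is user:role:type:level, so the type is the third field.
    f["stype"] = f["scontext"].split(":")[2]
    f["ttype"] = f["tcontext"].split(":")[2]
    return f

def summarize(text):
    """Group identical denials and describe each as a rule plus a label check."""
    counts = Counter()
    for line in text.splitlines():
        f = parse_avc(line)
        if f:
            counts[(f["stype"], f["ttype"], f["tclass"], f["perms"],
                    f.get("name"), f.get("dev"))] += 1
    return [{"count": n, "name": name, "dev": dev,
             "rule": "allow %s %s:%s { %s };" % (s, t, c, " ".join(perms)),
             # An allow rule on an unlabeled type would cover every unlabeled
             # file, so a flagged target is a cue to check its labeling first.
             "unlabeled_target": t in UNLABELED}
            for (s, t, c, perms, name, dev), n in counts.items()]

if __name__ == "__main__":
    for d in summarize(SAMPLE):
        print(d)
```

In the question's log every denial is the same one: mysqld_t searching the directory named "/" on dev sdb1, which is typed file_t.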
Thank you for the answer.
Thank you.
I found the solution with sealert and fixed it~!
Thank you so much. I couldn't get anything done because of this...