[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

selinux issues with rhel 7.1 and mysql



Started seeing selinux issues cropping up:

type=USER_AVC msg=audit(1423060632.177:423): pid=1 uid=0 auid=4294967295
ses=4294967295 subj=system_u:system_r:init_t:s0 msg='avc:  denied  {
enable } for auid=0 uid=0 gid=0 cmdline="/usr/bin/systemctl preset
iptables.service ip6tables.service"
scontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023
tcontext=system_u:system_r:init_t:s0 tclass=service
exe="/usr/lib/systemd/systemd" sauid=0 hostname=? addr=? terminal=?'
type=AVC msg=audit(1425921571.425:1211): avc:  denied  { create } for
pid=3445 comm="mysqld" name="database-1-2a0p2.lower-test"
scontext=system_u:system_r:svirt_lxc_net_t:s0:c445,c816
tcontext=system_u:object_r:docker_var_lib_t:s0 tclass=file
type=AVC msg=audit(1425921571.425:1212): avc:  denied  { create } for
pid=3445 comm="mysqld" name="database-1-2a0p2.lower-test"
scontext=system_u:system_r:svirt_lxc_net_t:s0:c445,c816
tcontext=system_u:object_r:docker_var_lib_t:s0 tclass=file
type=AVC msg=audit(1425921571.549:1213): avc:  denied  { setattr } for
pid=3447 comm="mysql_install_d"
name="b369f3a6c5ee7c5a7f10830616920c44fd9c00296858060198fa5c8dd9b302e0"
dev="dm-0" ino=17531361
scontext=system_u:system_r:svirt_lxc_net_t:s0:c445,c816
tcontext=system_u:object_r:docker_var_lib_t:s0 tclass=dir
type=AVC msg=audit(1425921599.201:1215): avc:  denied  { create } for
pid=3489 comm="mysqld" name="database-1-2a0p2.lower-test"
scontext=system_u:system_r:svirt_lxc_net_t:s0:c74,c539
tcontext=system_u:object_r:docker_var_lib_t:s0 tclass=file
type=AVC msg=audit(1425921599.201:1216): avc:  denied  { create } for
pid=3489 comm="mysqld" name="database-1-2a0p2.lower-test"
scontext=system_u:system_r:svirt_lxc_net_t:s0:c74,c539
tcontext=system_u:object_r:docker_var_lib_t:s0 tclass=file
type=AVC msg=audit(1425921599.235:1217): avc:  denied  { setattr } for
pid=3491 comm="mysql_install_d"
name="7eacb0555e6d2149d7214b4b844d666996a95b266f942bf35277040763eb0166"
dev="dm-0" ino=50935001
scontext=system_u:system_r:svirt_lxc_net_t:s0:c74,c539
tcontext=system_u:object_r:docker_var_lib_t:s0 tclass=dir
type=AVC msg=audit(1425921629.977:1219): avc:  denied  { create } for
pid=3531 comm="mysqld" name="database-1-2a0p2.lower-test"
scontext=system_u:system_r:svirt_lxc_net_t:s0:c71,c295
tcontext=system_u:object_r:docker_var_lib_t:s0 tclass=file
type=AVC msg=audit(1425921629.978:1220): avc:  denied  { create } for
pid=3531 comm="mysqld" name="database-1-2a0p2.lower-test"
scontext=system_u:system_r:svirt_lxc_net_t:s0:c71,c295
tcontext=system_u:object_r:docker_var_lib_t:s0 tclass=file
type=AVC msg=audit(1425921630.018:1221): avc:  denied  { setattr } for
pid=3533 comm="mysql_install_d"
name="7919a56692e84b460e5e10b4059fb6d146b95c133ab228e8ca207aa036d19087"
dev="dm-0" ino=50935003
scontext=system_u:system_r:svirt_lxc_net_t:s0:c71,c295
tcontext=system_u:object_r:docker_var_lib_t:s0 tclass=dir
type=AVC msg=audit(1425921659.183:1223): avc:  denied  { create } for
pid=3584 comm="mysqld" name="database-1-2a0p2.lower-test"
scontext=system_u:system_r:svirt_lxc_net_t:s0:c32,c186
tcontext=system_u:object_r:docker_var_lib_t:s0 tclass=file
type=AVC msg=audit(1425921659.184:1224): avc:  denied  { create } for
pid=3584 comm="mysqld" name="database-1-2a0p2.lower-test"
scontext=system_u:system_r:svirt_lxc_net_t:s0:c32,c186
tcontext=system_u:object_r:docker_var_lib_t:s0 tclass=file
type=AVC msg=audit(1425921659.234:1225): avc:  denied  { setattr } for
pid=3586 comm="mysql_install_d"
name="063ff05cf28232c736bac741f75768b96fc5e2c95b3d07b1221afd41657961e0"
dev="dm-0" ino=50935005
scontext=system_u:system_r:svirt_lxc_net_t:s0:c32,c186
tcontext=system_u:object_r:docker_var_lib_t:s0 tclass=dir
type=AVC msg=audit(1425921689.166:1227): avc:  denied  { create } for
pid=3631 comm="mysqld" name="database-1-2a0p2.lower-test"
scontext=system_u:system_r:svirt_lxc_net_t:s0:c660,c705
tcontext=system_u:object_r:docker_var_lib_t:s0 tclass=file
type=AVC msg=audit(1425921689.167:1228): avc:  denied  { create } for
pid=3631 comm="mysqld" name="database-1-2a0p2.lower-test"
scontext=system_u:system_r:svirt_lxc_net_t:s0:c660,c705
tcontext=system_u:object_r:docker_var_lib_t:s0 tclass=file
type=AVC msg=audit(1425921689.220:1229): avc:  denied  { setattr } for
pid=3633 comm="mysql_install_d"
name="85aeae93974cadce0c8442f9a03cddb40c56b5ec7908ce06f36ec7dd17a8b79e"
dev="dm-0" ino=50935009
scontext=system_u:system_r:svirt_lxc_net_t:s0:c660,c705
tcontext=system_u:object_r:docker_var_lib_t:s0 tclass=dir
type=AVC msg=audit(1425921719.830:1231): avc:  denied  { create } for
pid=3673 comm="mysqld" name="database-1-2a0p2.lower-test"
scontext=system_u:system_r:svirt_lxc_net_t:s0:c222,c569
tcontext=system_u:object_r:docker_var_lib_t:s0 tclass=file
type=AVC msg=audit(1425921719.831:1232): avc:  denied  { create } for
pid=3673 comm="mysqld" name="database-1-2a0p2.lower-test"
scontext=system_u:system_r:svirt_lxc_net_t:s0:c222,c569
tcontext=system_u:object_r:docker_var_lib_t:s0 tclass=file
type=AVC msg=audit(1425921719.878:1233): avc:  denied  { setattr } for
pid=3675 comm="mysql_install_d"
name="e046111411b5d5e1c8a2c46d080bcfeaeabfcfba1b6905368ccc4fef840e67fb"
dev="dm-0" ino=50935011
scontext=system_u:system_r:svirt_lxc_net_t:s0:c222,c569
tcontext=system_u:object_r:docker_var_lib_t:s0 tclass=dir
type=AVC msg=audit(1425921749.264:1235): avc:  denied  { create } for
pid=3716 comm="mysqld" name="database-1-2a0p2.lower-test"
scontext=system_u:system_r:svirt_lxc_net_t:s0:c792,c946
tcontext=system_u:object_r:docker_var_lib_t:s0 tclass=file
type=AVC msg=audit(1425921749.265:1236): avc:  denied  { create } for
pid=3716 comm="mysqld" name="database-1-2a0p2.lower-test"
scontext=system_u:system_r:svirt_lxc_net_t:s0:c792,c946
tcontext=system_u:object_r:docker_var_lib_t:s0 tclass=file
type=AVC msg=audit(1425921749.336:1237): avc:  denied  { setattr } for
pid=3718 comm="mysql_install_d"
name="996709095ec2a9acfff73d97892a1e5d89a9f58e608d5b0d921fa72bf9199f59"
dev="dm-0" ino=50935013
scontext=system_u:system_r:svirt_lxc_net_t:s0:c792,c946
tcontext=system_u:object_r:docker_var_lib_t:s0 tclass=dir
type=AVC msg=audit(1425921770.007:1241): avc:  denied  { create } for
pid=3781 comm="mysqld" name="database-1-2a0p2.lower-test"
scontext=system_u:system_r:svirt_lxc_net_t:s0:c125,c572
tcontext=system_u:object_r:docker_var_lib_t:s0 tclass=file
type=AVC msg=audit(1425921770.008:1242): avc:  denied  { create } for
pid=3781 comm="mysqld" name="database-1-2a0p2.lower-test"
scontext=system_u:system_r:svirt_lxc_net_t:s0:c125,c572
tcontext=system_u:object_r:docker_var_lib_t:s0 tclass=file
type=AVC msg=audit(1425921770.200:1251): avc:  denied  { setattr } for
pid=3794 comm="mysql_install_d"
name="cc4d8727ea3d1e832ed3e5a99ebf44373f4b5f9424e676a82407c7245f70d983"
dev="dm-0" ino=759911
scontext=system_u:system_r:svirt_lxc_net_t:s0:c125,c572
tcontext=system_u:object_r:docker_var_lib_t:s0 tclass=dir

Is this known?

-- 
Erik M Jacobs, RHCA
Principal Technical Marketing Manager, OpenShift Enterprise
Red Hat, Inc.
Phone: 646.462.3745
Email: ejacobs redhat com
AOL Instant Messenger: ejacobsatredhat
Twitter: @ErikonOpen
Freenode: thoraxe


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]