Skip to main content

Set SELinux contexts for MySQL Server for datadir, logdir, errolog, pid, socket, port

Set SELinux contexts for MySQL Server for datadir, logdir, errolog, pid, socket, port:

semange help:
semanage -h
semanage fcontext -h
List the current MySQL contexts:
#semanage fcontext -l | grep -i mysql
List port available for MySQL:
#semanage port -l | grep mysql
Add port to mysqld template:
#semanage -a -t mysqld_port_t -p tcp 3375
Add port range to mysqld template:
#semanage port -a -t mysqld_port_t -p tcp 35000-38000
Remove the mysql templete tcp port:
#semanage port -d -t mysqld_port_t -p tcp 3375
Set the data directory context:
Default location for data directory - /var/lib/mysql/, the SELinux context used is mysqld_db_t.
# semanage fcontext -a -t mysqld_db_t "/path/to/my/custom/datadir(/.*)?"
# restorecon -Rv /path/to/my/custom/datadir
Set the log directory context:
# semanage fcontext -a -t mysqld_db_t "/path/to/my/custom/logdir(/.*)?"
# restorecon -Rv /path/to/my/custom/logdir
Set error log file context:
The default location for RedHat RPMs is /var/log/mysqld.log, the SELinux context used is mysqld_log_t.
# semanage fcontext -a -t mysqld_log_t "/path/to/my/custom/error.log"
# restorecon -Rv /path/to/my/custom/error.log
Set PID file context:
The default location for the PID file is /var/run/mysqld/mysqld.pid, the SELinux context used is mysqld_var_run_t.
# semanage fcontext -a -t mysqld_var_run_t "/path/to/my/custom/pidfile/directory/.*?"
# restorecon -Rv /path/to/my/custom/pidfile/directory
Set the unix-domain socket context:
The default location for the unix-domain socket is /var/lib/mysql/mysql.sock, the SELinux context used is mysqld_var_run_t.
# semanage fcontext -a -t mysqld_var_run_t "/path/to/my/custom/mysql\.sock"
# restorecon -Rv /path/to/my/custom/mysql.sock
Set the TCP port context:
The default TCP port is 3306, the SELinux context used is mysqld_port_t
# semanage port -a -t mysqld_port_t -p tcp 13306
List:
#semanage port -l | grep mysql
Remove content from context:
#semanage fcontext -d /path/to/my/custom/error.log 
Tools require:
# yum install policycoreutils-python

Explore more about mysqld_selinux - https://linux.die.net/man/8/mysqld_selinux

Labels

Labels:

Comments

Post a Comment

Popular posts from this blog

MySQL InnoDB cluster troubleshooting | commands

Cluster Validation: select * from performance_schema.replication_group_members; All members should be online. select instance_name, mysql_server_uuid, addresses from  mysql_innodb_cluster_metadata.instances; All instances should return same value for mysql_server_uuid SELECT @@GTID_EXECUTED; All nodes should return same value Frequently use commands: mysql> SET SQL_LOG_BIN = 0;  mysql> stop group_replication; mysql> set global super_read_only=0; mysql> drop database mysql_innodb_cluster_metadata; mysql> RESET MASTER; mysql> RESET SLAVE ALL; JS > var cluster = dba.getCluster() JS > var cluster = dba.getCluster("<Cluster_name>") JS > var cluster = dba.createCluster('name') JS > cluster.removeInstance('root@<IP_Address>:<Port_No>',{force: true}) JS > cluster.addInstance('root@<IP add>,:<port>') JS > cluster.addInstance('root@ <IP add>,:<port> ') JS > dba.getC...
Post a Comment
Read more

InnoDB cluster Remove Instance Force | Add InnoDB instance

InnoDB cluster environment UUID is different on node: To fix it stop group replication, remove instance (use force if require), add instance back Identify the node which is not in sync: Execute following SQL statement on each node and identify the node has different UUID on all nodes. mysql> select * from mysql_innodb_cluster_metadata.instances; Stop group replication: Stop group replication on the node which does not have same UUID on all nodes. mysql > stop GROUP_REPLICATION; Remove instances from cluster: Remove all secondary node from the cluster and add them back if require. $mysqlsh JS >\c root@<IP_Address>:<Port_No> JS > dba.getCluster().status() JS > dba.getCluster () <Cluster:cluster_name> JS > var cluster = dba.getCluster("cluster_name"); JS >  cluster.removeInstance('root@<IP_Address>:<Port_No>'); If you get "Cluster.removeInstance: Timeout reached waiting......" JS > cluster.removeInstance(...
2 comments
Read more

Oracle E-Business Suite Online Patch Phases executing adop

Following description about Oracle E-Business Suite is high level and from documentation https://docs.oracle.com/cd/E26401_01/doc.122/e22954/T202991T531062.htm#5281339 for in depth and detail description refer it. The online patching cycle phases: Prepare Apply Finalize Cutover Cleanup Prepare phase: Start a new online patching cycle, Prepares the environment for patching. $ adop phase=prepare Apply phase: Applies the specified patches to the environment. Apply one or more patches to the patch edition. $ adop phase=apply patches=123456,789101 workers=8 Finalize phase: Performs any final steps required to make the system ready for cutover. Perform the final patching operations that can be executed while the application is still online. $ adop phase=finalize Cutover phase: Shuts down application tier services, makes the patch edition the new run edition, and then restarts application tier services. This is the only phase that involves a brief ...
Post a Comment
Read more