-
Notifications
You must be signed in to change notification settings - Fork 1.7k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Update SELinux policy to allow UDP for multicast repl in galera.
- Loading branch information
Nirbhay Choubey
committed
Jun 23, 2015
1 parent
3274094
commit 71d1f35
Showing
2 changed files
with
30 additions
and
20 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,18 +1,20 @@ | ||
Note: The included SELinux policy files can be used for MariaDB Galera cluster. | ||
However, since these policies had been tested for a limited set of scenarios, | ||
it is highly recommended to run SELinux in "permissive" mode even with these | ||
policies installed and report any denials on mariadb.org/jira. | ||
it is highly recommended that you run mysqld in "permissive" mode even with | ||
these policies installed and report any denials on mariadb.org/jira. | ||
|
||
|
||
How to generate and load the policy module of MariaDB Galera cluster ? | ||
* Generate the SELinux policy module. | ||
# cd <source>/policy/selinux/ | ||
# make -f /usr/share/selinux/devel/Makefile mariadb-server.pp | ||
|
||
* Generate the SELinux policy module. | ||
# cd <source>/policy/selinux/ | ||
# make -f /usr/share/selinux/devel/Makefile mariadb-server.pp | ||
* Load the generated policy module. | ||
# semodule -i /path/to/mariadb-server.pp | ||
|
||
* Load the generated policy module. | ||
# semodule -i /path/to/mariadb-server.pp | ||
|
||
* Lastly, run the following command to allow 4568. | ||
# semanage port -a -t mysqld_port_t -p tcp 4568 | ||
* Lastly, run the following command to allow tcp/4568 and udp/4567. | ||
# semanage port -a -t mysqld_port_t -p tcp 4568 | ||
# semanage port -a -t mysqld_port_t -p udp 4567 | ||
|
||
How to run mysqld in permissve mode ? | ||
# semanage permissive -a mysqld_t |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters