Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

New Datadir + SELinux issue #128

Closed
Paladin opened this issue Dec 12, 2016 · 3 comments
Closed

New Datadir + SELinux issue #128

Paladin opened this issue Dec 12, 2016 · 3 comments

Comments

@Paladin
Copy link

Paladin commented Dec 12, 2016
edited
Loading

When specifying a different data directory from the default one on a system running SELinux, there's a problem that arises:

It's caused by the process for creating the new data dir (essentially by not changing the config but moving the data and then creating a symbolic link). The package installation puts the correct SEL label on the default data directory, but that gets wiped out by the move-and-link operation. The solution is simple, but since the problem happens within the cookbook, there's no way to "inject" the solution into the cookbook from outside. The command "restorecon -v /var/lib/mysql" has to be issued to restore the established default context to the data directory before starting the db service (not doing so results in an error condition and the build dies).

Possibly put a restore context command before the restart, with a guard clause only_if selinux is active (or maybe only_ if the command exists)?

A related issue is caused because the new data directory doesn't have the correct (mysqld_db_t) selinux type label, but that can be worked around by creating the directory and assigning it the correct label before including the mariadb::default recipe. Unfortunately that doesn't help the first problem; there's no way to insert the restorecon between the creation of the link and restarting the service, so it crashes.
@Paladin
Copy link
Author

Paladin commented Dec 13, 2016
edited
Loading

As a follow-up, there is a workaround for the crash. Before including the mariadb::default recipe:

bash 'restore selinux context after creating link' do
code "restorecon -v #{node['mariadb']['mysqld']['default_datadir']}"
action :nothing
subscribes :run, 'bash[move-datadir]', :immediately
end

Unfortunately, the workaround depends upon internals in the mariadb:server recipe (specifically, the name of the resource that creates the link to the new data directory) so it's a bit fragile. It needs to be constantly retested to ensure it still works.

@shoekstra shoekstra added the bug label Mar 12, 2017
dimsh99 added a commit to dimsh99/mariadb that referenced this issue Apr 1, 2017
@dimsh99
Fix for issue sous-chefs#128
296e8df
shoekstra pushed a commit that referenced this issue Apr 18, 2017
@dimsh99 @shoekstra
Fix for issue #128
c225ca0
shoekstra pushed a commit to dimsh99/mariadb that referenced this issue Apr 18, 2017
@dimsh99 @shoekstra
Fix for issue sous-chefs#128
8c4cce2
@shoekstra
Copy link
Contributor

This has been resolved via #153

shoekstra pushed a commit to stromp/mariadb that referenced this issue Apr 19, 2017
@dimsh99 @shoekstra
Fix for issue sous-chefs#128
f54a9d6
@lock
Copy link

lock bot commented Jul 24, 2018

This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.

@lock lock bot locked as resolved and limited conversation to collaborators Jul 24, 2018
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@Paladin @shoekstra