I am attempting to start MySQL with SELinux on CentOS 6 however I am getting the following error.
131212 09:08:08 mysqld_safe mysqld from pid file /var/run/mysqld/mysqld.pid ended
131212 09:08:58 mysqld_safe Starting mysqld daemon with databases from /u/mysql
131212 9:08:58 [Warning] Can't create test file /u/mysql/webserver.lower-test
131212 9:08:58 [Warning] Can't create test file /u/mysql/webserver.lower-test
^G/usr/libexec/mysqld: Can't change dir to '/u/mysql/' (Errcode: 13)
131212 9:08:58 [ERROR] Aborting
We have setup MySQL with many other servers however the difference here is that the mysql datadir is in a different partition than the standard /vat/lib.mysql. Instead it is in /u/mysql.
Here is the /etc/my.cnf
[mysqld]
datadir=/u/mysql
user=mysql
# Disabling symbolic-links is recommended to prevent assorted security risks
symbolic-links=0
max_allowed_packet = 32M
[mysqld_safe]
log-error=/var/log/mysqld.log
pid-file=/var/run/mysqld/mysqld.pid
Here are the permissions for the mysql dir
drwxr-xr-x. mysql mysql system_u:object_r:mysqld_db_t:s0 mysql
and here are the permissions for one of the directorys in the /u/mysql dir
drwx------. mysql mysql system_u:object_r:mysqld_db_t:s0 databasefolder
Does anyone have any ideas on how to fix this? I can confirm that turning SELinux off resolves the issue so it has to be some sort of SELinux permissions issue.
Thank you
Best Answer
The place to start is to look at your /var/log/audit/audit.log for AVC denied messages relating to mysqld. These can be passed to audit2why to gather more information to help you decide what to do.
You have your mysql files in a non standard location and although the directories have the correct context it's likely that the files in them are not. The best way to achieve this is to add a new fcontext for the /u/mysql directory
The semanage command configures the policy so that subsequent restorecon commands will not set the context back to the system default.