Mysql – How to Exempt MySQL from SELinux targeted list

MySQLselinux

I am running CentOS 5.5 and attempting to place MySQL on a non-standard port…which SELinux complains about. MySQL starts perfectly fine on with SELinux off and refuses to start with it on. SELinux is currently running a the type of "targeted"

Not wanting to entirely disable SELinux, I would like to exempt MySQL from the list of targeted daemons. Can anyone tell me how to disable SELinux for this one service?

Best Answer

You don't need to disable SELinux at all. What you need to do is label the port you want use.

To check for the labeled ports for MySQL in the policy:


 # semanage port -l | grep mysql
mysqld_port_t                  tcp      1186, 3306, 63132-63163
mysqlmanagerd_port_t           tcp      2273

To label a $custom port:


 # semanage port -a -t mysqld_port_t -p tcp $custom

The main reference for this is the semanage(8) manpage.

Related Solutions

Centos – How does SELinux affect the /home directory

This thread looks relevant - http://archives.postgresql.org/pgsql-admin/2007-11/msg00228.php.

Mysql – How to allow MySQL connections through SELinux

To check SELinux

sestatus

To see what flags are set on httpd processes

getsebool -a | grep httpd

To allow Apache to connect to remote database through SELinux

setsebool httpd_can_network_connect_db 1

Use -P option makes the change permanent. Without this option, the boolean would be reset to 0 at reboot.

setsebool -P httpd_can_network_connect_db 1

Best Answer

Related Solutions

Centos – How does SELinux affect the /home directory

Mysql – How to allow MySQL connections through SELinux

Related Topic