SELinux and mariadb (mysql)
I’ve just built a new mysql server vm, using the instructions I posted previously. This is documentation on how I configured it.
To get nfs to work, install nfs-utils.
$ yum install nfs-utils httpd mariadb mariadb-server
I’m putting the database on an nfs mount from my nas. Socket files can’t exist on nfs. It’s easier to move the data than the socket file (I think I hit an selinux issue with socket access).
Add the following to /etc/my.cnf:
[mysqld]
# Move datadir to mysql-data
datadir=/var/lib/mysql-data
# Default socket
socket=/var/lib/mysql/mysql.sock
# Wasn't binding to an external ipv4 by default
bind-address=10.10.11.107
Make the mysql-data directory, and restrict its permissions:
$ mkdir -p /var/lib/mysql-data
$ chown root:root /var/lib/mysql-data
$ chmod 0000 /var/lib/mysql-data
Now, the files under mysql-data need to have the mysqld_db_t selinux context applied to them. Contexts don’t carry over nfs, so we can force one for the whole mount with the context= option in /etc/fstab:
nas:/hosts/sql/var/lib/mysql /var/lib/mysql-data nfs4 nosharecache,context="system_u:object_r:mysqld_db_t:s0" 0 0
Now, enable mariadb, and start the service:
$ systemctl enable mariadb
$ systemctl start mariadb
If you’re having issues starting the service, you can check for any recent selinux denials.
$ ausearch -m avc | tail
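If the denials point at files under the datadir, one thing to rule out is a missing or mistyped context= option on the mount. The script below is an added example, not part of the original setup: it reads an fstab-format file and checks that the entry for a mount point forces the expected type. The function names are hypothetical and the sample lines are constructed (the first copies the fstab entry above).

```shell
#!/bin/sh
# Added example: check that an fstab entry forces the expected SELinux type.
# Function names are hypothetical; sample lines below are constructed.

# Print the context= value for the entry mounted at $2 in fstab-format file $1.
# Returns 1 if the entry is missing or has no context= option.
mount_context() {
    opts=$(awk -v mp="$2" '$1 !~ /^#/ && $2 == mp { print $4; exit }' "$1")
    [ -n "$opts" ] || return 1
    # A leading comma lets ",context=" match only the plain context option,
    # not fscontext=, defcontext= or rootcontext=.
    opts=",$opts"
    case "$opts" in
        *,context=\"*)  # quoted form, as in the entry above
            ctx=$(printf '%s\n' "$opts" | sed -n 's/.*,context="\([^"]*\)".*/\1/p') ;;
        *,context=*)    # unquoted form
            ctx=$(printf '%s\n' "$opts" | sed -n 's/.*,context=\([^,]*\).*/\1/p') ;;
        *) return 1 ;;
    esac
    [ -n "$ctx" ] && printf '%s\n' "$ctx"
}

# Succeed only if the type (third field of user:role:type:level) equals $3.
check_forced_type() {
    ctx=$(mount_context "$1" "$2") || return 1
    [ "$(printf '%s\n' "$ctx" | cut -d: -f3)" = "$3" ]
}

# Constructed sample: the entry from this page, plus one with no context option.
sample=$(mktemp)
cat > "$sample" <<'EOF'
nas:/hosts/sql/var/lib/mysql /var/lib/mysql-data nfs4 nosharecache,context="system_u:object_r:mysqld_db_t:s0" 0 0
nas:/hosts/other /mnt/other nfs4 nosharecache 0 0
EOF

for mp in /var/lib/mysql-data /mnt/other; do
    if check_forced_type "$sample" "$mp" mysqld_db_t; then
        echo "$mp: forced to mysqld_db_t"
    else
        echo "$mp: no mysqld_db_t context option"
    fi
done
rm -f "$sample"
```

Pointing check_forced_type at /etc/fstab checks the configured entry; ls -dZ /var/lib/mysql-data after mounting shows the label actually in effect.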