Gentoo Archives: gentoo-commits

From: Sven Vermeulen <sven.vermeulen@××××××.be>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] proj/hardened-refpolicy:master commit in: policy/modules/contrib/
Date: Fri, 02 Nov 2012 19:13:38
Message-Id: 1351883278.2e3ce947e381b99fbaf7c7fd15ea90b12ef01155.SwifT@gentoo
1 commit: 2e3ce947e381b99fbaf7c7fd15ea90b12ef01155
2 Author: Sven Vermeulen <sven.vermeulen <AT> siphos <DOT> be>
3 AuthorDate: Wed Oct 31 21:18:28 2012 +0000
4 Commit: Sven Vermeulen <sven.vermeulen <AT> siphos <DOT> be>
5 CommitDate: Fri Nov 2 19:07:58 2012 +0000
6 URL: http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=2e3ce947
7
8 Support initial creation of mysql database files
9
10 The first thing a MySQL administrator has to do is to create the database
11 (files) themselves. This is done through the mysql_install_db command. However,
12 this command invokes mysqld to properly set up the environment.
13
14 This allows the calling domain of the administrator to execute (without
15 transitioning) the mysqld_exec_t resources (such as mysqld).
16
17 Without this, the installation fails with:
18
19 FATAL ERROR: Could not find /usr/sbin/mysqld
20
21 Signed-off-by: Sven Vermeulen <sven.vermeulen <AT> siphos.be>
22
23 ---
24 policy/modules/contrib/mysql.if | 4 +++-
25 1 files changed, 3 insertions(+), 1 deletions(-)
26
27 diff --git a/policy/modules/contrib/mysql.if b/policy/modules/contrib/mysql.if
28 index 66a1dca..0ebcdf1 100644
29 --- a/policy/modules/contrib/mysql.if
30 +++ b/policy/modules/contrib/mysql.if
31 @@ -416,7 +416,7 @@ interface(`mysql_search_pid_files',`
32 #
33 interface(`mysql_admin',`
34 gen_require(`
35 - type mysqld_t, mysqld_var_run_t, mysqld_etc_t;
36 + type mysqld_t, mysqld_var_run_t, mysqld_etc_t, mysqld_exec_t;
37 type mysqld_tmp_t, mysqld_db_t, mysqld_log_t;
38 type mysqld_safe_t, mysqlmanagerd_t, mysqlmanagerd_var_run_t;
39 type mysqld_initrc_exec_t, mysqlmanagerd_initrc_exec_t;
40 @@ -430,6 +430,8 @@ interface(`mysql_admin',`
41 role_transition $2 { mysqlmanagerd_initrc_exec_t mysqld_initrc_exec_t } system_r;
42 allow $2 system_r;
43
44 + can_exec($1, mysqld_exec_t)
45 +
46 files_search_pids($1)
47 admin_pattern($1, { mysqlmanagerd_var_run_t mysqld_var_run_t })
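
Review bot: the `can_exec($1, mysqld_exec_t)` line added after `allow $2 system_r;` carries no comment explaining why an admin domain needs to execute mysqld without a transition. The reason is only in the commit message (mysql_install_db invokes mysqld and otherwise fails with "Could not find /usr/sbin/mysqld"), so a one-line comment above the rule, such as `# mysql_install_db runs mysqld in the caller domain`, would keep that context in the interface. Because the rule is granted to every caller of mysql_admin, mysqld started this way runs with the permissions of $1 rather than those of mysqld_t; it is worth confirming that this is intended for all callers and not only for the initial database creation case.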