commit: 2e3ce947e381b99fbaf7c7fd15ea90b12ef01155 |
Author: Sven Vermeulen <sven.vermeulen <AT> siphos <DOT> be> |
AuthorDate: Wed Oct 31 21:18:28 2012 +0000 |
Commit: Sven Vermeulen <sven.vermeulen <AT> siphos <DOT> be> |
CommitDate: Fri Nov 2 19:07:58 2012 +0000 |
URL: http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=2e3ce947 |
|
Support initial creation of mysql database files |
|
The first thing a MySQL administrator has to do is to create the database |
(files) themselves. This is done through the mysql_install_db command. However, |
this command invokes mysqld to properly setup the environment. |
|
This allows the calling domain of the administrator to execute (without |
transitioning) the mysqld_exec_t resources (such as mysqld). |
|
Without this, the installation fails with: |
|
FATAL ERROR: Could not find /usr/sbin/mysqld |
|
Signed-off-by: Sven Vermeulen <sven.vermeulen <AT> siphos.be> |
|
--- |
policy/modules/contrib/mysql.if | 4 +++- |
1 files changed, 3 insertions(+), 1 deletions(-) |
|
diff --git a/policy/modules/contrib/mysql.if b/policy/modules/contrib/mysql.if |
28 |
index 66a1dca..0ebcdf1 100644 |
29 |
--- a/policy/modules/contrib/mysql.if |
30 |
+++ b/policy/modules/contrib/mysql.if |
31 |
@@ -416,7 +416,7 @@ interface(`mysql_search_pid_files',` |
32 |
# |
33 |
interface(`mysql_admin',` |
34 |
gen_require(` |
35 |
- type mysqld_t, mysqld_var_run_t, mysqld_etc_t; |
36 |
+ type mysqld_t, mysqld_var_run_t, mysqld_etc_t, mysqld_exec_t; |
37 |
type mysqld_tmp_t, mysqld_db_t, mysqld_log_t; |
38 |
type mysqld_safe_t, mysqlmanagerd_t, mysqlmanagerd_var_run_t; |
39 |
type mysqld_initrc_exec_t, mysqlmanagerd_initrc_exec_t; |
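Review bot: Every domain that receives `mysql_admin` can now run mysqld inside its own domain rather than `mysqld_t`, because the `mysqld_exec_t` required in this hunk backs the `can_exec($1, mysqld_exec_t)` added in the next one, and the commit message describes that access as executing without transitioning. The message ties the need to `mysql_install_db`, but the rule is not limited to that caller, so a server started by hand from the admin shell would presumably keep the administrator's privileges instead of the daemon's confinement; it is worth confirming whether a transition rule elsewhere in the policy covers that case. At minimum the reason should sit next to the rule, e.g. `# mysql_install_db runs mysqld in the caller domain to create the initial database files`, and the interface's header comment (it ends at the `#` line opening this hunk; the rest is not visible) should mention the execute access. The body of `mysql_admin` continues outside both hunks.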
40 |
@@ -430,6 +430,8 @@ interface(`mysql_admin',` |
41 |
role_transition $2 { mysqlmanagerd_initrc_exec_t mysqld_initrc_exec_t } system_r; |
42 |
allow $2 system_r; |
43 |
|
44 |
+ can_exec($1, mysqld_exec_t) |
45 |
+ |
46 |
files_search_pids($1) |
47 |
admin_pattern($1, { mysqlmanagerd_var_run_t mysqld_var_run_t }) |