[debian-mysql] Bug#853291: mysql-server-5.7: need to call restorecon for SE Linux

Russell Coker russell at coker.com.au
Tue Jan 31 09:11:57 UTC 2017 

Package: mysql-server-5.7
Version: 5.7.16-2
Severity: normal
Tags: patch

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=801746

This is basically a repeat of the above bug for the latest mysql.  While we
have an install command to create a directory we need to have a SE Linux
label assigned to it.  Robie Basak wanted to use tmpfiles.d as the only way
of labelling it, but that means not supporting the combination of sysvinit,
MySQL, and SE Linux which I don't think is reasonable unless the decision is
to just stop supporting MySQL with sysvinit.

Here is a patch for the init script.  Note that it does no harm to run
restorecon when SE Linux isn't active and it also does no harm to run it
multiple times so there's no need to check before running it.  Also as an
aside install can be run multiple times without harm so the test -e operation
just complicates the script without giving a benefit to the user.

--- /etc/init.d/mysql	2016-12-04 00:22:09.000000000 +1100
+++ /etc/init.d/mysql.new	2017-01-31 19:53:24.490160901 +1100
@@ -104,6 +104,7 @@
 	else
 	    # Could be removed during boot
 	    test -e /var/run/mysqld || install -m 755 -o mysql -g root -d /var/run/mysqld
+	    [ -x /sbin/restorecon ] && /sbin/restorecon /var/run/mysqld
 
 	    # Start MySQL! 
   	    su - mysql -s /bin/sh -c "/usr/bin/mysqld_safe > /dev/null 2>&1 &"

-- System Information:
Debian Release: 9.0
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.9.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Init: systemd (via /run/systemd/system)

Versions of packages mysql-server-5.7 depends on:
ii  adduser                3.115
ii  bsdutils               1:2.29.1-1
ii  debconf [debconf-2.0]  1.5.60
ii  init-system-helpers    1.47
ii  libatomic1             6.3.0-5
ii  libc6                  2.24-9
ii  libevent-core-2.0-5    2.0.21-stable-2.1
ii  libgcc1                1:6.3.0-5
ii  liblz4-1               0.0~r131-2
ii  libmecab2              0.996-3
ii  libstdc++6             6.3.0-5
ii  lsb-base               9.20161125
ii  mysql-client-5.7       5.7.16-2
ii  mysql-common           5.8+1.0.2
ii  mysql-server-core-5.7  5.7.16-2
ii  passwd                 1:4.4-3
ii  perl                   5.24.1-1
ii  psmisc                 22.21-2.1+b1
ii  zlib1g                 1:1.2.8.dfsg-5

Versions of packages mysql-server-5.7 recommends:
pn  libhtml-template-perl  <none>

Versions of packages mysql-server-5.7 suggests:
ii  bsd-mailx [mailx]  8.1.2-0.20160123cvs-3
pn  tinyca             <none>

-- debconf information excluded

More information about the pkg-mysql-maint mailing list