Done
Details
Assignee: Evgeniy Patlan
Reporter: Agustin Gallego
Time tracking: 4h logged
Priority: Medium
Created September 2, 2018 at 9:26 PM
Updated March 6, 2024 at 12:52 PM
Resolved November 22, 2018 at 11:10 AM
Tested on:

shell> cat /etc/redhat-release
CentOS Linux release 7.4.1708 (Core)

Using latest Percona-Server-server packages:

shell> rpm -qa | egrep -i "percona|mysql"
percona-toolkit-3.0.11-1.el7.x86_64
Percona-Server-shared-56-5.6.41-rel84.1.el7.x86_64
Percona-Server-server-56-5.6.41-rel84.1.el7.x86_64
percona-release-0.1-4.noarch
perl-DBD-MySQL-4.023-6.el7.x86_64
Percona-Server-client-56-5.6.41-rel84.1.el7.x86_64

Installed with Percona's RPM repo and the yum install Percona-Server-server-56 command.

Add flush_caches=1 under the [mysqld_safe] section, and when SELinux is set to enforcing, the service will not start. Nothing will be logged to mysql's error log, and the following will be seen in system logs:

shell> cat /var/log/messages | grep mysql
Sep 2 21:05:05 localhost mysqld_safe: 180902 21:05:05 mysqld_safe Logging to '/var/log/mysqld.log'.
Sep 2 21:05:05 localhost mysqld_safe: 180902 21:05:05 mysqld_safe Starting mysqld daemon with databases from /var/lib/mysql
Sep 2 21:06:26 localhost mysqld_safe: 180902 21:06:26 mysqld_safe mysqld from pid file /var/run/mysqld/mysqld.pid ended
Sep 2 21:06:35 localhost mysqld_safe: 180902 21:06:35 mysqld_safe Logging to '/var/log/mysqld.log'.
Sep 2 21:06:35 localhost mysqld_safe: sysctl: cannot stat /proc/sys/vm/drop_caches: Permission denied
Sep 2 21:06:35 localhost mysqld_safe: 180902 21:06:35 mysqld_safe sysctl failed, check the error message for details
Sep 2 21:06:35 localhost systemd: mysqld.service: main process exited, code=exited, status=1/FAILURE

shell> cat /var/log/audit/audit.log | grep denied
type=AVC msg=audit(1535922395.806:977): avc: denied { getattr } for pid=4603 comm="sysctl" path="/proc/sys/vm/drop_caches" dev="proc" ino=29892 scontext=system_u:system_r:mysqld_safe_t:s0 tcontext=system_u:object_r:sysctl_vm_t:s0 tclass=file

If SELinux is set to permissive, the service will start, and we will see the following errors logged to audit log:

type=AVC msg=audit(1535922999.860:1061): avc: denied { getattr } for pid=6771 comm="sysctl" path="/proc/sys/vm/drop_caches" dev="proc" ino=29892 scontext=system_u:system_r:mysqld_safe_t:s0 tcontext=system_u:object_r:sysctl_vm_t:s0 tclass=file
type=AVC msg=audit(1535922999.860:1062): avc: denied { write } for pid=6771 comm="sysctl" name="drop_caches" dev="proc" ino=29892 scontext=system_u:system_r:mysqld_safe_t:s0 tcontext=system_u:object_r:sysctl_vm_t:s0 tclass=file
type=AVC msg=audit(1535922999.860:1062): avc: denied { open } for pid=6771 comm="sysctl" path="/proc/sys/vm/drop_caches" dev="proc" ino=29892 scontext=system_u:system_r:mysqld_safe_t:s0 tcontext=system_u:object_r:sysctl_vm_t:s0 tclass=file

SELinux settings for Percona Server 5.6 should be updated with these in place.