[debian-mysql] Bug#801746: mysql-server-5.6: Please run restorecon on directories you create (at boot and postinst) so it works with SE Linux
Robie Basak
robie.basak at ubuntu.com
Thu Oct 15 11:40:56 UTC 2015
Hi Russell,
Thank you for explaining this to me.
On Thu, Oct 15, 2015 at 01:19:23PM +1100, Russell Coker wrote:
> Every directory that is in a Debian package has it's context set by dpkg. So
> if you were to add /var/lib/mysql/mysql and /var/log/mysql to the package then
> they would have their context set correctly.
>
> For /var/run directories if you add them to a systemd-tmpfiles configuration
> they will get the right context. Add a file named /usr/lib/tmpfiles.d/mysql-
> server.conf with the following contents:
> D /var/run/mysqld 0755 mysql root
This sounds like a better route to me.
> With those changes (adding directories to packages and using systemd-tmpfiles)
> there would be no risk of regression and no SE Linux specific code in your
> package.
>
> Systemd is now the default init system in Debian so eventually you have to
> write a systemd service file for mysql. When you do that you have to use the
> tmpfiles.d configuration which will solve this issue. I'd be happy if you just
> told everyone who uses MySQL on SE Linux to use systemd and didn't bother
> fixing the old SysVInit script. But while MySQL users are forced to start the
> daemon in the old way it would be good to make it work properly on SE Linux.
We are actually already using systemd:
https://anonscm.debian.org/cgit/pkg-mysql/mysql-5.6.git/tree/debian/mysql-server-5.6.mysql.service
Given that we're using systemd, should we adjust your patch to do what
you described above instead before applying? That is, ship
/var/lib/mysql and /var/log/mysql using dh_installdirs (if I understand
you correctly)? The systemd service already uses RuntimeDirectory so
will this cause the right thing to happen, or do we still need a
/usr/lib/tmpfiles.d entry?
Robie
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: Digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-mysql-maint/attachments/20151015/3f65efe6/attachment-0001.sig>
More information about the pkg-mysql-maint
mailing list