MySQL tmpdir on /dev/shm with SELinux

Posted by smorfnip on Server Fault See other posts from Server Fault or by smorfnip
Published on 2009-11-05T16:27:01Z Indexed on 2010/04/10 0:03 UTC
Read the original article Hit count: 615

Filed under:
|
|
|

On RHEL5, I have a small MySQL database that has to write temp files. To speed up this process, I would like to move the temporary directory to /dev/shm by putting the following line into my.cnf:

tmpdir=/dev/shm/mysqltmp

I can create /dev/shm/mysqltmp just fine and do

chown mysql:mysql /dev/shm/mysqltmp
chcon --reference /tmp/ /dev/shm/mysqltmp

I've tried to make SELinux happy by applying the same settings that are in effect for /tmp/ (and /var/tmp/), which is presumably where MySQL is writing its tmp files if tmpdir is undefined.

The problem is that SELinux complains about MySQL having access to that directory. I get the following in /var/log/messages:

SELinux is preventing mysqld (mysqld_t) "getattr" to /dev/shm (tmpfs_t).

SELinux is a hard mistress. Details:

Source Context                root:system_r:mysqld_t
Target Context                system_u:object_r:tmpfs_t
Target Objects                /dev/shm [ dir ]
Source                        mysqld
Source Path                   /usr/libexec/mysqld
Port                          <Unknown>
Host                          db.example.com
Source RPM Packages           mysql-server-5.0.77-3.el5
Target RPM Packages           
Policy RPM                    selinux-policy-2.4.6-255.el5_4.1
Selinux Enabled               True
Policy Type                   targeted
MLS Enabled                   True
Enforcing Mode                Enforcing
Plugin Name                   catchall_file
Host Name                     db.example.com
Platform                      Linux db.example.com 2.6.18-164.2.1.el5 #1 SMP
                              Mon Sep 21 04:37:42 EDT 2009 x86_64 x86_64
Alert Count                   46
First Seen                    Wed Nov  4 14:23:48 2009
Last Seen                     Thu Nov  5 09:46:00 2009
Local ID                      e746d880-18f6-43c1-b522-a8c0508a1775

ls -lZ /dev/shm shows

drwxrwxr-x  mysql mysql system_u:object_r:tmp_t          mysqltmp

and permissions for /dev/shm itself are

drwxrwxrwt  root root  system_u:object_r:tmpfs_t        shm

I've also tried

chcon -R -t mysqld_t /dev/shm/mysqltmp

and setting the group on /dev/shm to mysql with no better results. Shouldn't it be enough to tell SELinux, hey, this is a temp directory just like MySQL was using before?

Short of turning off SELinux, how do I make this work? Do I need to edit SELinux policy files?

© Server Fault or respective owner

Related posts about rhel5

Related posts about mysql