MySQL permission denied error even after setting security context for SELinux on VM
Solution 1
I don't see anything directly wrong with what you're doing in terms of the commands you're running or how you're approaching the addition of /data/mysql with respect to SELinux.
Just to make sure things are working properly I would check if present and/or manually add this line to /etc/selinux/targeted/contexts/files/file_contexts.local.
/data/mysql(/.*)? system_u:object_r:mysqld_db_t:s0
When I repeated your steps above I had that line added to my file_contexts.local file as expected.
I would double-check the steps you're following against the steps discussed here in this Red Hat-specific document titled: 10.4.1. MySQL Changing Database Location.
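One way to run the file_contexts.local check suggested above and to spot leftover semanage entries that overlap the /data/mysql rule, as an added example that is not part of the original answer. The sample file contents and the function names are constructed for illustration; the script only reports overlaps, and matchpathcon /data/mysql shows the label that actually applies.

```shell
#!/bin/sh
# Constructed sample of a file_contexts.local with leftover entries
# (illustrative only, not taken from the asker's system).
SAMPLE_LOCAL='# This file is auto-generated by libsemanage
/data(/.*)?    system_u:object_r:var_lib_t:s0
/data/mysql    -d    system_u:object_r:default_t:s0
/data/mysql(/.*)?    system_u:object_r:mysqld_db_t:s0
/srv/mysql(/.*)?    system_u:object_r:mysqld_db_t:s0'

# matching_types CONTENT PATH
# Print "type<TAB>regex" for every entry whose regex matches PATH.
matching_types() {
    printf '%s\n' "$1" | while read -r regex f2 f3; do
        case "$regex" in ''|'#'*) continue ;; esac
        # An optional middle field is a file-type flag (-d, --, ...);
        # it is parsed here but not used to filter. The context is last.
        ctx=${f3:-$f2}
        # file_contexts regexes are anchored at both ends of the path.
        if printf '%s\n' "$2" | grep -Eq "^(${regex})\$"; then
            # Context is user:role:type:level, so field 3 is the type.
            printf '%s\t%s\n' "$(printf '%s' "$ctx" | cut -d: -f3)" "$regex"
        fi
    done
}

# check_label CONTENT PATH WANT_TYPE
# Prints: ok      (only WANT_TYPE matches)
#         overlap (WANT_TYPE matches, but so do entries with other types)
#         missing (no matching entry assigns WANT_TYPE)
check_label() {
    types=$(matching_types "$1" "$2" | cut -f1 | sort -u)
    if ! printf '%s\n' "$types" | grep -qxF "$3"; then
        echo missing
    elif [ "$(printf '%s\n' "$types" | wc -l)" -gt 1 ]; then
        echo overlap
    else
        echo ok
    fi
}

# Run against the constructed sample. On a real host, pass the file instead:
#   check_label "$(cat /etc/selinux/targeted/contexts/files/file_contexts.local)" /data/mysql mysqld_db_t
check_label "$SAMPLE_LOCAL" /data/mysql mysqld_db_t
```

An "overlap" result is not an error by itself; it marks the entries worth reviewing before deciding whether to clear and re-add the rule.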
Solution 2
This problem can occur without SELinux and AppArmor on Debian 9 and other systemd-based distros, when the MySQL datadir is moved anywhere under /home.
The reason for this is the systemd service file (/lib/systemd/system/mariadb.service) contains the setting: ProtectHome=true. This setting will prevent MySQL from writing to any folder under /home and thus it will throw ErrNo 13: Permission Denied errors on startup.
The fix is to either move the data dir out of /home, or otherwise to turn off this security feature in the systemd service file:
1: sudo cp /lib/systemd/system/mariadb.service /etc/systemd/system/ # make a local override of the service file
2: Edit /etc/systemd/system/mariadb.service and change ProtectHome to be false (ProtectHome=false). Save the file
3: sudo systemctl daemon-reload # refresh the systemd services so it sees your override file
4: sudo systemctl start mysql # and it should finally start
PAS
Updated on September 18, 2022
Comments
-
PAS over 1 year
I have MySQL installed on CentOS (detail versions given below). My OS is a VM machine and not a physical machine, the directory /data/mysql is a local disk (virtual). I suspect I might need to do some extra steps in a virtualized environment. This link has some information on SELinux & virtualization but not sure how to include it for MySQL.
MySQL works fine with the data directory in /var/lib/mysql but the moment I move it to another directory on different disk it stops working. Whereas different directory on the same disk works. If I disable SELinux, MySQL works with different disk. SELinux is restricting different drive. I tried the solution given in the following two links.
In particular the following two commands:
$ semanage fcontext --add --type mysqld_db_t '/data/mysql(/.*)?'
$ restorecon -r /data/mysql
When I run:
$ ls -dZ /data/mysql
I get the following:
drwxr-xr-x. mysql mysql unconfined_u:object_r:mysqld_db_t:SystemLow
Still I keep getting:
/usr/sbin/mysqld: Can't change dir to '/data/mysql/' (Errcode: 13 - Permission denied)
Is there anything else I need to do?
- MySQL : mysql Ver 14.14 Distrib 5.6.14, for Linux (x86_64) using EditLine wrapper
- OS : CentOS release 6.4 (Final)
-
PAS over 10 years
/etc/selinux/targeted/contexts/files/file_contexts file doesn't have an entry for the path. I am pretty new to SELinux. Not sure what to edit there.
-
PAS over 10 years
I checked /etc/selinux/targeted/contexts/files/file_contexts.local and there were several entries which were added while trying out different commands. I removed everything using semanage fcontext -D and re-ran semanage fcontext --add --type mysqld_db_t '/data/mysql(/.*)?' and it worked.
-
PAS over 10 years
I also needed to change the container of that folder to var_lib_t type. Not sure why this matters.
-
PAS over 10 years
Thanks for the info about file_contexts.local. My file_contexts.local had a lot of interfering entries. I cleaned all of them using semanage fcontext -D and re-added semanage fcontext --add --type mysqld_db_t '/data/mysql(/.*)?'
-
rinogo over 3 years
I've been searching for why my table-level DATA DIRECTORY specification wouldn't work. Turns out it only happens when using a directory in /home, which led me to this answer. Thank you!
-
rinogo over 3 years
In the hopes it helps someone else out there, these are the specific error messages I was receiving:
2020-10-06 1:48:28 14 [ERROR] InnoDB: Operating system error number 13 in a file operation.
2020-10-06 1:48:28 14 [ERROR] InnoDB: The error means mysqld does not have the access rights to the directory.