MySQL permission denied error even after setting security context for SELinux on VM


Solution 1

I don't see anything directly wrong with what you're doing in terms of the commands you're running or how you're approaching the addition of /data/mysql with respect to SELinux.

Just to make sure things are working properly I would check if present and/or manually add this line to /etc/selinux/targeted/contexts/files/file_contexts.local.

/data/mysql(/.*)?   system_u:object_r:mysqld_db_t:s0

When I repeated your steps above I had that line added to my file_contexts.local file as expected.

I would double-check the steps you're following against the steps discussed in this Red Hat specific document titled: 10.4.1. MySQL Changing Database Location.

Solution 2

This problem can occur without SELinux and AppArmor on Debian 9 and other systemd-based distros, when the MySQL datadir is moved anywhere under /home.

The reason for this is that the systemd service file (/lib/systemd/system/mariadb.service) contains the setting ProtectHome=true. This setting will prevent MySQL from writing to any folder under /home and thus it will throw ErrNo 13: Permission Denied errors on startup.

The fix is to either move the data dir out of /home, or otherwise to turn off this security feature in the systemd service file:

1: sudo cp /lib/systemd/system/mariadb.service /etc/systemd/system/ # make a local override of the service file

2: Edit /etc/systemd/system/mariadb.service and change ProtectHome to be false (ProtectHome=false). Save the file

3: sudo systemctl daemon-reload # refresh the systemd services so it sees your override file

4: sudo systemctl start mysql # and it should finally start
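Both answers come down to a preflight check you can script before restarting the server: is the relocated datadir labelled mysqld_db_t, and is it under /home while the unit has ProtectHome enabled? The POSIX shell functions below are an added example, not code from either answer; the `ls -dZ` line and the unit file they are run against are constructed samples, and the function names are my own.

```shell
#!/bin/sh
# Preflight checks for a relocated MySQL/MariaDB datadir (added example).

# Return the SELinux type (third field of user:role:type:level) from one
# line of `ls -dZ` output. Works for both the CentOS 6 long format and the
# newer "context path" format by locating the field that contains :object_r:.
selinux_type_of() {
    ctx=$(printf '%s\n' "$1" | awk '{ for (i = 1; i <= NF; i++) if ($i ~ /:object_r:/) print $i }')
    printf '%s\n' "$ctx" | cut -d: -f3
}

# Succeed (exit 0) only when the path carries the mysqld_db_t type.
datadir_labelled_for_mysqld() {
    [ "$(selinux_type_of "$1")" = mysqld_db_t ]
}

# Succeed (exit 0) when ProtectHome in the unit file $2 would block writes to
# datadir $1. Only paths under /home are affected; the last ProtectHome= line
# wins, and read-only and tmpfs also deny writes, not just true/yes.
protect_home_blocks() {
    datadir=$1 unit=$2
    case "$datadir" in
        /home/*) ;;
        *) return 1 ;;
    esac
    val=$(grep -E '^[[:space:]]*ProtectHome=' "$unit" | tail -n 1 | cut -d= -f2 | tr -d '[:space:]')
    case "$val" in
        true|yes|on|1|read-only|tmpfs) return 0 ;;
        *) return 1 ;;
    esac
}

# The file_contexts.local entry that `semanage fcontext --add --type
# mysqld_db_t '<dir>(/.*)?'` produces for a given directory.
fcontext_line() {
    printf '%s(/.*)?   system_u:object_r:mysqld_db_t:s0\n' "$1"
}

demo() {
    # Constructed sample: the questioner's `ls -dZ /data/mysql` output.
    sample='drwxr-xr-x. mysql mysql unconfined_u:object_r:mysqld_db_t:SystemLow /data/mysql'
    datadir_labelled_for_mysqld "$sample" && echo "label OK: $(selinux_type_of "$sample")"
    echo "expected entry: $(fcontext_line /data/mysql)"
    # Constructed sample unit with the Debian default from the second answer.
    unit=$(mktemp); printf '[Service]\nProtectHome=true\n' > "$unit"
    if protect_home_blocks /home/db/mysql "$unit"; then
        echo "ProtectHome blocks /home/db/mysql: move the datadir or override the unit"
    fi
    rm -f "$unit"
}
demo
```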

Updated on September 18, 2022

Comments

  • PAS
    PAS over 1 year

    I have MySQL installed on CentOS (detail versions given below). My OS is a VM machine and not a physical machine, the directory /data/mysql is a local disk (virtual). I suspect I might need to do some extra steps in a virtualized environment. This link has some information on SELinux & virtualization but not sure how to include it for MySQL.

    MySQL works fine with the data directory in /var/lib/mysql, but the moment I move it to another directory on a different disk it stops working, whereas a different directory on the same disk works. If I disable SELinux, MySQL works with the different disk. SELinux is restricting the different drive. I tried the solution given in the following two links

    In particular the following two commands:

    $ semanage fcontext --add --type mysqld_db_t '/data/mysql(/.*)?'
    $ restorecon -r /data/mysql

    When I run:

    $ ls -dZ /data/mysql

    I get the following:

    drwxr-xr-x. mysql mysql unconfined_u:object_r:mysqld_db_t:SystemLow

    Still I keep getting:

    /usr/sbin/mysqld: Can't change dir to '/data/mysql/' (Errcode: 13 - Permission denied)

    Is there anything else I need to do?

    • MySQL : mysql Ver 14.14 Distrib 5.6.14, for Linux (x86_64) using EditLine wrapper
    • OS : CentOS release 6.4 (Final)
    • PAS
      PAS over 10 years
      /etc/selinux/targeted/contexts/files/file_contexts file doesn't have entry for path. I am pretty new to SELinux. Not sure what to edit there.
    • PAS
      PAS over 10 years
      I checked /etc/selinux/targeted/contexts/files/file_contexts.local and there were several entries which were added while trying out different commands. I removed everything using semanage fcontext -D and re-ran semanage fcontext --add --type mysqld_db_t '/data/mysql(/.*)?' and it worked.
    • PAS
      PAS over 10 years
      I also needed to change the container of that folder to var_lib_t type. Not sure why this matters.
  • PAS
    PAS over 10 years
    Thanks for the info about file_contexts.local. My file_contexts.local had a lot of interfering entries. I cleaned all of them using semanage fcontext -D and re-added semanage fcontext --add --type mysqld_db_t '/data/mysql(/.*)?'
  • rinogo
    rinogo over 3 years
    I've been searching for why my table-level DATA DIRECTORY specification wouldn't work. Turns out it only happens when using a directory in /home, which led me to this answer. Thank you!
  • rinogo
    rinogo over 3 years
    In the hopes it helps someone else out there, these are the specific error messages I was receiving: 2020-10-06 1:48:28 14 [ERROR] InnoDB: Operating system error number 13 in a file operation. 2020-10-06 1:48:28 14 [ERROR] InnoDB: The error means mysqld does not have the access rights to the directory.