SELinux Fun With MySQL and Friends
● What is SELinux
● MySQL and SELinux
● ProxySQL and SELinux
● Alternatives
You can use audit2allow to generate a loadable module to allow this access.
[root@localhost ~]#
Wait? What!
[root@localhost ~]#
© The Pythian Group Inc., 2020
ProxySQL log rotation
Seems to work?
[root@localhost ~]# logrotate -fv /etc/logrotate.d/proxysql
reading config file /etc/logrotate.d/proxysql
Allocating hash table for state file, size 15360 B
Handling 1 logs
... but not in crontab!
You can use audit2allow to generate a loadable module to allow this access.
require {
    type logrotate_t;
    type var_lib_t;
    class file rename;
}

require {
    type var_lib_t;
    type logrotate_t;
    type unreserved_port_t;
    class tcp_socket name_connect;
    class file { create rename setattr unlink write };
}
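
An added example (not from the original slides): a small Python parser that performs the aggregation step audit2allow does, turning AVC denials for logrotate_t into the require block and allow rules of the second module above. The audit records, the comm values and the module name proxysql_logrotate are constructed assumptions.

```python
import re
from collections import defaultdict

AVC_RE = re.compile(
    r"avc:\s+denied\s+\{ (?P<perms>[^}]+) \}.*?"
    r"scontext=[^:\s]+:[^:\s]+:(?P<src>[^:\s]+)\S*\s+"
    r"tcontext=[^:\s]+:[^:\s]+:(?P<tgt>[^:\s]+)\S*\s+"
    r"tclass=(?P<cls>\w+)"
)

def _avc(perms, comm, tgt_type, tclass):
    # Constructed audit.log record (not from the slides); source domain is logrotate_t.
    return (f'type=AVC msg=audit(1580000000.000:500): avc:  denied  {{ {perms} }} for  '
            f'pid=4101 comm="{comm}" scontext=system_u:system_r:logrotate_t:s0-s0:c0.c1023 '
            f'tcontext=system_u:object_r:{tgt_type}:s0 tclass={tclass} permissive=0')

SAMPLE_AUDIT_LOG = "\n".join([
    _avc("rename", "logrotate", "var_lib_t", "file"),
    _avc("create write", "logrotate", "var_lib_t", "file"),
    _avc("setattr unlink", "logrotate", "var_lib_t", "file"),
    _avc("name_connect", "mysql", "unreserved_port_t", "tcp_socket"),
    "type=SYSCALL msg=audit(1580000000.000:500): arch=c000003e syscall=42 success=no",
])

def parse_denials(log_text):
    """Group denied permissions by (source type, target type, object class)."""
    rules = defaultdict(set)
    for m in AVC_RE.finditer(log_text):  # non-AVC records simply do not match
        rules[(m["src"], m["tgt"], m["cls"])].update(m["perms"].split())
    return rules

def _perm_str(perms):
    p = sorted(perms)
    return p[0] if len(p) == 1 else "{ " + " ".join(p) + " }"

def render_module(rules, name="proxysql_logrotate"):  # module name is a placeholder
    types = sorted({t for (s, tg, _c) in rules for t in (s, tg)})
    classes = defaultdict(set)
    for (_s, _t, cls), perms in rules.items():
        classes[cls] |= perms
    out = [f"module {name} 1.0;", "", "require {"]
    out += [f"    type {t};" for t in types]
    out += [f"    class {c} {_perm_str(p)};" for c, p in sorted(classes.items())]
    out += ["}", ""]
    out += [f"allow {s} {t}:{c} {_perm_str(p)};" for (s, t, c), p in sorted(rules.items())]
    return "\n".join(out)

if __name__ == "__main__":
    print(render_module(parse_denials(SAMPLE_AUDIT_LOG)))
```

Reading the generated allow lines before loading a module shows its real scope: the file rule applies to every file labelled var_lib_t, not only the ProxySQL log.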