How to change the SELinux labels when moving the MySQL data directory from the default location (/var/lib/mysql).
Start in the default directory (/var/lib/mysql).
Run ls -lZ /var/lib/mysql
(The -Z option makes ls show the SELinux label of each object.)
For the default directory it lists this:
drwx------. mysql mysql unconfined_u:object_r:mysqld_db_t:s0 mysql
This shows that mysqld_db_t is the default SELinux type for the directory. Naturally, when you move to a new location, that directory's context will be different. You have to add the new path to the SELinux file context list to make it work.
The new directory I created was /mnt/data/sqldata
When I do an ls -LZ in the new location:
drwxr-xr-x. mysql mysql unconfined_u:object_r:usr_t:s0 sqldata
Ugh... not a mysql directory label. Have to do something about that!
Type:
semanage fcontext -a -t mysqld_db_t "/mnt/data/sqldata(/.*)?"
This adds an entry to the SELinux local file context file, which is located at
/etc/selinux/targeted/contexts/files/file_contexts.local
In it you'll see
/mnt/data/sqldata(/.*)? system_u:object_r:mysqld_db_t:s0
But... that only records the rule. To write the label to the files on disk, you need an additional command.
restorecon -R -v /mnt/data/sqldata
Now when you do an ls -Z you'll see the new labels, and you'll be able to start up mysql and have it work.
ls -lZ /opt
drwxr-xr-x. mysql mysql system_u:object_r:mysqld_db_t:s0 mysql
Ya!
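The steps above as one script, with a check that nothing under the new directory still carries a type other than mysqld_db_t. This is an added example, not part of the original post; the function names are made up here, and the relabel step assumes root and the SELinux tools (semanage, restorecon) are present.

```shell
#!/usr/bin/env bash
# Added example: relabel a relocated MySQL data directory and verify it.
EXPECTED_TYPE="mysqld_db_t"   # type shown on /var/lib/mysql in the post

# Print the type (third field) of a context such as
# unconfined_u:object_r:usr_t:s0
context_type() {
    printf '%s\n' "$1" | cut -d: -f3
}

# Read ls -Z style lines on stdin and print "name type" for every entry
# whose type is not the expected one. The context is found by its shape
# (user:role:type:level), so the short format shown in the post and the
# longer `ls -lZ` format both work. Names containing spaces are not handled.
mislabeled() {
    awk -v want="${1:-$EXPECTED_TYPE}" '
        {
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^[^:]+:[^:]+:[^:]+:[^:]+/) {
                    split($i, ctx, ":")
                    if (ctx[3] != want) print $NF, ctx[3]
                    break
                }
            }
        }'
}

# The procedure from the post for one directory: record the rule, apply it
# to disk, then fail if any object under the directory is still mislabeled.
relabel_datadir() {
    dir="$1"
    spec="${dir}(/.*)?"
    # -a fails when the rule already exists, so fall back to -m (modify).
    semanage fcontext -a -t "$EXPECTED_TYPE" "$spec" 2>/dev/null ||
        semanage fcontext -m -t "$EXPECTED_TYPE" "$spec" || return 1
    restorecon -R -v "$dir" || return 1
    bad=$(find "$dir" -exec ls -dZ {} + | mislabeled)
    [ -z "$bad" ] || { printf 'still mislabeled:\n%s\n' "$bad" >&2; return 1; }
}
```

Source the file and run relabel_datadir /mnt/data/sqldata as root; a non-zero return means either a command failed or some object kept its old label.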