Hi Community, I have installed MySQL in Red Hat Linux, however, MySQL is not getting started. I'm getting some errors when I check journalctl. How can I fix this issue?
Jan 06 19:32:21 mysql-server setroubleshoot[4898]: AnalyzeThread.run(): Set alarm timeout to 10
Jan 06 19:32:21 mysql-server setroubleshoot[4898]: AnalyzeThread.run(): Cancel pending alarm
Jan 06 19:32:21 mysql-server setroubleshoot[4898]: failed to retrieve rpm info for /mysql/app/mysql-commercial-8.0.31-linux-glibc2.12-x86_64/bin/mysqld
Jan 06 19:32:21 mysql-server setroubleshoot[4898]: SELinux is preventing /mysql/app/mysql-commercial-8.0.31-linux-glibc2.12-x86_64/bin/mysqld from write access on the file #ib_redo1. For complete SELinux messages>
Jan 06 19:32:21 mysql-sever setroubleshoot[4898]: SELinux is preventing /mysql/app/mysql-commercial-8.0.31-linux-glibc2.12-x86_64/bin/mysqld from write access on the file #ib_redo1.
If you believe that mysqld should be allowed write access on the #ib_redo1 file by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# ausearch -c 'boot' --raw | audit2allow -M my-boot
# semodule -X 300 -i my-boot.pp
Jan 06 19:32:21 mysql-server setroubleshoot[4898]: AnalyzeThread.run(): Set alarm timeout to 10
Jan 06 19:32:21 mysql-server setroubleshoot[4898]: AnalyzeThread.run(): Cancel pending alarm
Jan 06 19:32:21 mysql-server setroubleshoot[4898]: failed to retrieve rpm info for /mysql/app/mysql-commercial-8.0.31-linux-glibc2.12-x86_64/bin/mysqld
Jan 06 19:32:21 mysql-server sudo[73583]: PAM unable to dlopen(/usr/lib64/security/pam_fprintd.so): /usr/lib64/security/pam_fprintd.so: cannot open shared object file: No such file or directory
Jan 06 19:32:21 mysql-server sudo[73583]: PAM adding faulty module: /usr/lib64/security/pam_fprintd.so
Quote:
[root@mysql-server]# systemctl status mysqld
● mysqld.service - MySQL Server
Loaded: loaded (/usr/lib/systemd/system/mysqld.service; enabled; vendor preset: disabled)
Active: failed (Result: exit-code) since Fri 2023-01-06 19:46:54 MST; 9s ago
Docs: man:mysqld(7) http://dev.mysql.com/doc/refman/en/using-systemd.html
Process: 109241 ExecStart=/mysql/app/mysql/bin/mysqld --defaults-file=/etc/my.cnf --daemonize --pid-file=/dat>
Main PID: 4019 (code=killed, signal=KILL)
Jan 06 19:46:54 mysql-server systemd[1]: mysqld.service: Control process exited, code=exited status=203
Jan 06 19:46:54 mysql-server systemd[1]: mysqld.service: Failed with result 'exit-code'.
Jan 06 19:46:54 mysql-server systemd[1]: Failed to start MySQL Server.
Jan 06 19:46:54 mysql-server systemd[1]: mysqld.service: Service RestartSec=100ms expired, scheduling restart.
Jan 06 19:46:54 mysql-server systemd[1]: mysqld.service: Scheduled restart job, restart counter is at 5.
Jan 06 19:46:54 mysql-server systemd[1]: Stopped MySQL Server.
Jan 06 19:46:54 mysql-server systemd[1]: mysqld.service: Start request repeated too quickly.
Jan 06 19:46:54 mysql-server systemd[1]: mysqld.service: Failed with result 'exit-code'.
Jan 06 19:46:54 mysql-server systemd[1]: Failed to start MySQL Server.
How did you install? A Red Hat rpm should have the SELinux policies installed by default.
The best way to test is to turn off SELinux using "setenforce 0" and trying again. If you want to use this version, you will need to generate the policy probably using audit2allow.
Actually installed by someone else, and she's not with the company anymore. I'm not sure how she installed it, I think she downloaded the zip file. Not sure though. However, I can start it in permissive mode.
How does audit2allow work? Can you help to provide the commands? I'm a newbie.
Thank you for your help.
Ok, so since this has probably never worked, why not just delete the existing MySQL installation, and install it from the RHEL repositories, which do everything for you, to make sure it's correct?? Since you're a 'newbie', that would be the far safest/easiest way to do it...and since you're using RHEL, you can easily just call Red Hat support for everything. How did you get into the Linux admin role, being a 'newbie'??
I meant newbie to SELinux. Actually I have been working as a Windows administrator, and recently I started learning Linux. I can configure the webserver from different directories easily, however, this is the first time I am looking into MySQL. I added whatever SELinux label is mentioned in the MySQL documentation. It didn't work, that's why I thought community members might have some idea about the issue.
Ok, so go back to the solution offered: install it from the RHEL repositories, and contact RHEL support for help, since your organization is paying for RHEL. One command, and it's installed and selinux is configured. Doubtful it was installed from a .ZIP file, since that's typically for Windows...most Linux software will come in tar.gz files, but what makes you think the previous admin installed it from a compressed file??
Have you read the documentation on how to use the audit command mentioned? Or tried the command for selinux enforce to see if that gets it going?? And now you're mentioning a web-server...how is that fitting in with MySQL now? Because if you don't install things from the repositories, you are not going to get the updates/bug-fixes, and be left with an unstable system, that takes a LOT more to maintain and administer. Would you tell a Windows admin to install random stuff from ZIP's, and not stay up to date??
I just guessed they installed it from a zip file. I haven't seen any MySQL log in /var, I thought they just untarred the file from that custom directory which is in /mysql. They might have installed it from the repository.
I haven't installed webserver, I was just telling you that I know how to configure SELinux for a webserver.
Ok, so if you know how to configure one service, apply that exact same procedure for MySQL. And have you (again) contacted RHEL support for help, or done any research?? Putting "rhel selinux mysql" into a search-engine pulls up quite a bit. https://dev.mysql.com/doc/refman/8.0...-policies.html
You can look in /var/log/audit/audit.log, and run scripts to create a selinux policy to allow whatever mysql is doing. I've done this before (like 2 hours ago) but I am no expert on this so I can't give advice but there are plenty of tutorials on it.
This is if you don't want to move to a rhel version.
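The audit-log review suggested in the post above, as an added example that is not part of the original thread: it groups AVC denials by source type, target type and class, prints the `allow` rule each group corresponds to, and flags targets carrying a generic label, where relabeling the files is the narrower fix. The sample records are constructed, and the types in them (`mysqld_t`, `default_t`, `unreserved_port_t`), the `/mysql/data` path and the function names are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample records (not taken from the thread); PIDs, inodes, the
# /mysql/data path and the SELinux types shown are assumptions.
SAMPLE_AUDIT_LOG = '''\
type=AVC msg=audit(1673058741.101:881): avc:  denied  { write } for  pid=4019 comm="mysqld" name="#ib_redo1" dev="dm-0" ino=7741 scontext=system_u:system_r:mysqld_t:s0 tcontext=unconfined_u:object_r:default_t:s0 tclass=file permissive=0
type=AVC msg=audit(1673058741.102:882): avc:  denied  { open } for  pid=4019 comm="mysqld" path="/mysql/data/#innodb_redo/#ib_redo1" dev="dm-0" ino=7741 scontext=system_u:system_r:mysqld_t:s0 tcontext=unconfined_u:object_r:default_t:s0 tclass=file permissive=0
type=SYSCALL msg=audit(1673058741.102:882): arch=c000003e syscall=257 success=no exit=-13 comm="mysqld"
type=AVC msg=audit(1673058799.310:901): avc:  denied  { name_bind } for  pid=4102 comm="mysqld" src=3307 scontext=system_u:system_r:mysqld_t:s0 tcontext=system_u:object_r:unreserved_port_t:s0 tclass=tcp_socket permissive=0
'''

# Labels that usually mean "nobody labeled this path", not "policy is missing".
GENERIC_TYPES = {"default_t", "unlabeled_t", "file_t"}
AVC_RE = re.compile(
    r'avc:\s+denied\s+\{([^}]*)\}.*?scontext=(\S+)\s+tcontext=(\S+)\s+tclass=(\S+)')

def se_type(context):
    # A context is user:role:type:level; the level may itself contain colons.
    return context.split(":")[2]

def collect_denials(log_text):
    """Map (source type, target type, class) -> set of denied permissions."""
    denials = defaultdict(set)
    for line in log_text.splitlines():
        if not line.startswith("type=AVC"):
            continue  # SYSCALL, PATH and other record types carry no AVC data
        m = AVC_RE.search(line)
        if m:
            perms, scon, tcon, tclass = m.groups()
            denials[(se_type(scon), se_type(tcon), tclass)].update(perms.split())
    return dict(denials)

def review_rules(denials):
    """Return (allow rule, advice) pairs so each rule is read before it is loaded."""
    out = []
    for (src, tgt, cls), perms in sorted(denials.items()):
        p = sorted(perms)
        perm_txt = p[0] if len(p) == 1 else "{ " + " ".join(p) + " }"
        rule = f"allow {src} {tgt}:{cls} {perm_txt};"
        advice = ("relabel the target (semanage fcontext + restorecon) instead"
                  if tgt in GENERIC_TYPES else "review before allowing")
        out.append((rule, advice))
    return out

if __name__ == "__main__":
    for rule, advice in review_rules(collect_denials(SAMPLE_AUDIT_LOG)):
        print(f"{rule:60} # {advice}")
```
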
Quote:
Originally Posted by TB0ne
Ok, so since this has probably never worked, why not just delete the existing MySQL installation, and install it from the RHEL repositories, which do everything for you, to make sure it's correct?? Since you're a 'newbie', that would be the far safest/easiest way to do it...and since you're using RHEL, you can easily just call Red Hat support for everything. How did you get into the Linux admin role, being a 'newbie'??
I second the call to Red Hat and having them help getting MySQL started. My worry about just clobbering the existing installation is that the OP's predecessor may have gotten the database up and running and it might contain data that ought to be exported before a re-installation from an RHEL rpm. Just bein' cautious.
You need to backup/export the data preferably in text form. That way, you can always import it. If you aren't doing this now, do this now. You can't back it up using "normal" tools if the database is running.
You need the db to be running, but not being changed ie used by anybody, then use the mysqldump tool.
This does actually work if the db is being used, but ofc it means the data may have changed as soon as it (mysqldump) releases the locks, so you won't know exactly what point in time data you have.
I applied SELinux policy "bin_t" on mysqld and that resolved the issue. Initially, I applied the SELinux policy "mysqld_db_t" on the directory and all files and sub-directory. Hope it helps someone if they are having the same issue.