From the
MySQL project page:
"The MySQL® database has become the world's most popular open source database because of its consistent fast performance, high reliability and ease of use. It's used on every continent -- Yes, even Antarctica! -- by individual Web developers as well as many of the world's largest and fastest-growing organizations to save time and money powering their high-volume Web sites, business-critical systems and packaged software -- including industry leaders such as Yahoo!, Alcatel-Lucent, Google, Nokia, YouTube, and Zappos.com."
In Red Hat Enterprise Linux, the mysql-server package provides MySQL. Run rpm -q mysql-server
to see if the mysql-server package is installed. If it is not installed, run the following command as the root user to install it:
yum install mysql-server
When MySQL is enabled, it runs confined by default. Confined processes run in their own domains, and are separated from other confined processes. If a confined process is compromised by an attacker, depending on SELinux policy configuration, an attacker's access to resources and the possible damage they can do is limited. The following example demonstrates the MySQL processes running in their own domain. This example assumes the mysql package is installed:
Run getenforce
to confirm SELinux is running in enforcing mode:
$ getenforce
Enforcing
The getenforce
command returns Enforcing
when SELinux is running in enforcing mode.
Run service mysqld start
as the root user to start mysqld
:
# service mysqld start
Initializing MySQL database: Installing MySQL system tables... [ OK ]
Starting MySQL: [ OK ]
Run ps -eZ | grep mysqld
to view the mysqld
processes:
$ ps -eZ | grep mysqld
unconfined_u:system_r:mysqld_safe_t:s0 6035 pts/1 00:00:00 mysqld_safe
unconfined_u:system_r:mysqld_t:s0 6123 pts/1 00:00:00 mysqld
The SELinux context associated with the mysqld
processes is unconfined_u:system_r:mysqld_t:s0
. The second last part of the context, mysqld_t
, is the type. A type defines a domain for processes and a type for files. In this case, the mysqld
processes are running in the mysqld_t
domain.