
Chapter 10. MySQL

10.1. MySQL and SELinux
10.2. Types
10.3. Booleans
10.4. Configuration Examples
10.4.1. MySQL Changing Database Location
From the MySQL project page:
"The MySQL® database has become the world's most popular open source database because of its consistent fast performance, high reliability and ease of use. It's used on every continent -- Yes, even Antarctica! -- by individual Web developers as well as many of the world's largest and fastest-growing organizations to save time and money powering their high-volume Web sites, business-critical systems and packaged software -- including industry leaders such as Yahoo!, Alcatel-Lucent, Google, Nokia, YouTube, and Zappos.com."
In Red Hat Enterprise Linux, the mysql-server package provides MySQL. Run rpm -q mysql-server to see if the mysql-server package is installed. If it is not installed, run the following command as the root user to install it:
yum install mysql-server

10.1. MySQL and SELinux

When MySQL is enabled, it runs confined by default. Confined processes run in their own domains, and are separated from other confined processes. If an attacker compromises a confined process, the attacker's access to resources and the damage they can do are limited, depending on the SELinux policy configuration. The following example demonstrates the MySQL processes running in their own domain. This example assumes the mysql package is installed:
  1. Run getenforce to confirm SELinux is running in enforcing mode:
    $ getenforce
    Enforcing
    
    The getenforce command returns Enforcing when SELinux is running in enforcing mode.
  2. Run service mysqld start as the root user to start mysqld:
    # service mysqld start
    Initializing MySQL database:  Installing MySQL system tables... [  OK  ]
    Starting MySQL:                                            	[  OK  ]
    
  3. Run ps -eZ | grep mysqld to view the mysqld processes:
    $ ps -eZ | grep mysqld
    unconfined_u:system_r:mysqld_safe_t:s0 6035 pts/1 00:00:00 mysqld_safe
    unconfined_u:system_r:mysqld_t:s0 6123 pts/1   00:00:00 mysqld
    
    The SELinux context associated with the mysqld processes is unconfined_u:system_r:mysqld_t:s0. The second-to-last part of the context, mysqld_t, is the type. A type defines a domain for processes and a type for files. In this case, the mysqld processes are running in the mysqld_t domain.
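
The check from step 3 as a script. This is an added example, not part of the original guide: a shell function that reads ps -eZ output and flags any mysqld or mysqld_safe process outside the domains shown in the listing above. The function name, the exit codes and the second sample listing are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original guide: audit `ps -eZ` output for
# mysqld processes running outside the domains shown in the listing above.

# Reads `ps -eZ` lines on stdin (LABEL PID TTY TIME CMD) and prints one verdict
# per mysqld/mysqld_safe process. Exit status: 0 = every process is in its
# expected domain, 1 = at least one mismatch, 2 = no mysqld process seen.
check_mysqld_domains() {
    awk '
    {
        cmd = $NF
        if (cmd != "mysqld" && cmd != "mysqld_safe") next
        # A context is user:role:type:level. The level can itself contain a
        # colon (s0-s0:c0.c1023), so take field 3 rather than counting
        # back from the end.
        n = split($1, ctx, ":")
        dom = (n >= 3) ? ctx[3] : "(no label)"
        want = cmd "_t"     # mysqld -> mysqld_t, mysqld_safe -> mysqld_safe_t
        seen++
        if (dom == want) {
            printf "OK    pid=%s %s runs in %s\n", $2, cmd, dom
        } else {
            printf "ALERT pid=%s %s runs in %s, expected %s\n", $2, cmd, dom, want
            bad++
        }
    }
    END {
        if (!seen) { print "ALERT no mysqld process found"; exit 2 }
        exit (bad ? 1 : 0)
    }'
}

# Constructed sample 1: the two lines from the listing in step 3.
sample_confined='unconfined_u:system_r:mysqld_safe_t:s0 6035 pts/1 00:00:00 mysqld_safe
unconfined_u:system_r:mysqld_t:s0 6123 pts/1   00:00:00 mysqld'

# Constructed sample 2 (hypothetical host): MCS ranges in the level field and a
# mysqld process that is not in mysqld_t.
sample_unconfined='system_u:system_r:mysqld_safe_t:s0-s0:c0.c1023 2001 ? 00:00:00 mysqld_safe
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 2044 pts/0 00:00:03 mysqld'

printf '%s\n' "$sample_confined" | check_mysqld_domains
printf '%s\n' "$sample_unconfined" | check_mysqld_domains || echo "exit status: $?"
# On a live host: ps -eZ | check_mysqld_domains
```

The non-zero exit status lets a monitoring job or a post-deployment check fail when mysqld is found outside mysqld_t.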