mariadb/support-files/policy/selinux
2025-04-29 11:18:00 +10:00
..
mariadb-server.fc MDEV-18379: Unification of check for IPv6 2019-01-26 01:15:44 +01:00
mariadb-server.te MDEV-33301 memlock with systemd still not working 2024-02-15 12:58:13 +11:00
mariadb.te selinux fixes for 10.0->10.1 merge 2017-01-17 20:16:01 +01:00
README Fix remaining typos 2025-04-29 11:18:00 +10:00

Note: The included SELinux policy files can be used for MariaDB Galera cluster.
However, since these policies had been tested for a limited set of scenarios,
it is highly recommended that you run mysqld in "permissive" mode even with
these policies installed and report any denials on mariadb.org/jira.


How to generate and load the policy module of MariaDB Galera cluster ?
  * Generate the SELinux policy module.
    # cd <source>/policy/selinux/
    # make -f /usr/share/selinux/devel/Makefile mariadb-server.pp

  * Load the generated policy module.
    # semodule -i /path/to/mariadb-server.pp

  * Lastly, run the following command to allow tcp/4568 and udp/4567.
    # semanage port -a -t mysqld_port_t -p tcp 4568
    # semanage port -a -t mysqld_port_t -p udp 4567

How to run mysqld in permissive mode ?
  # semanage permissive -a mysqld_t