MySQL cannot write to the /tmp dir

This entry is part 9 of 9 in the series: Administering MySQL from the command line


Yesterday I was doing some operations with SELinux on the development server, and from that moment MySQL threw an error saying that it couldn't write to the /tmp dir. I then restarted the MySQL server and checked its log with:

# tail -f /var/log/mysqld.log
/usr/libexec/mysqld: error while loading shared libraries: 
librt.so.1: cannot open shared object file: Permission denied

I then inspected the log messages:

# tail -f /var/log/messages
...
avc:  denied  { search } for  pid=1860 comm="mcstransd" name="/" 
dev=sda2 ino=2 scontext=system_u:system_r:setrans_t:s0-s0:c0.c1023 
tcontext=system_u:object_r:httpd_sys_content_t:s0 tclass=dir
...

From the above message I realized that I had changed the context of the root dir (/) to httpd_sys_content_t, so the solution was to reset the context:

# chcon -t root_t /

Then:

# service mysqld start

and everything worked OK.
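As an added example (not part of the original post), the shell functions below automate the reading of the avc line shown above: they reduce each denial to its process, permission, class and SELinux types, and flag a directory named "/" whose target type is not the expected one. The function names and the sample log are constructed for illustration; the expected type root_t is the one used in the fix above.

```shell
#!/bin/sh
# Added example: summarise SELinux AVC denials and flag a mislabelled "/".

# Constructed sample: the post's denial joined onto one line, plus one
# made-up denial for contrast. On a real host, feed /var/log/messages.
sample_log() {
cat <<'EOF'
kernel: avc:  denied  { search } for  pid=1860 comm="mcstransd" name="/" dev=sda2 ino=2 scontext=system_u:system_r:setrans_t:s0-s0:c0.c1023 tcontext=system_u:object_r:httpd_sys_content_t:s0 tclass=dir
kernel: avc:  denied  { write } for  pid=2011 comm="mysqld" name="data" dev=sda2 ino=7741 scontext=system_u:system_r:mysqld_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=dir
EOF
}

# Print one line per denial: comm perms class source_type target_type name
avc_summary() {
    awk '
    /avc:/ && /denied/ {
        comm = name = cls = st = tt = "-"
        a = index($0, "{"); b = index($0, "}")
        perm = (a && b > a) ? substr($0, a + 1, b - a - 1) : "-"
        gsub(/^ +| +$/, "", perm); gsub(/ +/, ",", perm)
        for (i = 1; i <= NF; i++) {
            eq = index($i, "=")
            if (!eq) continue
            k = substr($i, 1, eq - 1); v = substr($i, eq + 1)
            gsub(/"/, "", v)
            if (k == "comm") comm = v
            else if (k == "name") name = v
            else if (k == "tclass") cls = v
            # Contexts are user:role:type:level; the type is field 3.
            else if (k == "scontext") { split(v, c, ":"); st = c[3] }
            else if (k == "tcontext") { split(v, c, ":"); tt = c[3] }
        }
        print comm, perm, cls, st, tt, name
    }'
}

# Print the target type of every denial on a directory named "/" whose type
# differs from the expected one (root_t, the type used in the post's fix).
# name="/" is the root of whichever filesystem dev= names, so confirm that
# device is the one mounted at / before relabelling. Exit 0 if any was found.
mislabelled_root() {
    avc_summary | awk -v want="${1:-root_t}" '
        $6 == "/" && $3 == "dir" && $5 != want { print $5; bad = 1 }
        END { exit (bad ? 0 : 1) }'
}

sample_log | avc_summary
```

On a live system, `mislabelled_root < /var/log/messages` runs the same check against the real log, and `restorecon -v /` resets the label to the policy default without having to name the type by hand.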

Conclusion

SELinux increases the level of security of GNU/Linux servers, but we must be careful when working with it because it can leave our services inoperable for minutes or hours.

Recommendation

Have a test server where you can run all the necessary SELinux operations before deploying them on a production server.



