diff options
| author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-13 12:24:36 +0000 |
|---|---|---|
| committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-13 12:24:36 +0000 |
| commit | 06eaf7232e9a920468c0f8d74dcf2fe8b555501c (patch) | |
| tree | e2c7b5777f728320e5b5542b6213fd3591ba51e2 /support-files/policy/selinux/README | |
| parent | Initial commit. (diff) | |
| download | mariadb-06eaf7232e9a920468c0f8d74dcf2fe8b555501c.tar.xz mariadb-06eaf7232e9a920468c0f8d74dcf2fe8b555501c.zip | |
Adding upstream version 1:10.11.6.upstream/1%10.11.6
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'support-files/policy/selinux/README')
| -rw-r--r-- | support-files/policy/selinux/README | 20 |
1 files changed, 20 insertions, 0 deletions
diff --git a/support-files/policy/selinux/README b/support-files/policy/selinux/README new file mode 100644 index 00000000..3f695dc2 --- /dev/null +++ b/support-files/policy/selinux/README @@ -0,0 +1,20 @@ +Note: The included SELinux policy files can be used for MariaDB Galera cluster. +However, since these policies had been tested for a limited set of scenarios, +it is highly recommended that you run mysqld in "permissive" mode even with +these policies installed and report any denials on mariadb.org/jira. + + +How to generate and load the policy module of MariaDB Galera cluster ? + * Generate the SELinux policy module. + # cd <source>/policy/selinux/ + # make -f /usr/share/selinux/devel/Makefile mariadb-server.pp + + * Load the generated policy module. + # semodule -i /path/to/mariadb-server.pp + + * Lastly, run the following command to allow tcp/4568 and udp/4567. + # semanage port -a -t mysqld_port_t -p tcp 4568 + # semanage port -a -t mysqld_port_t -p udp 4567 + +How to run mysqld in permissve mode ? + # semanage permissive -a mysqld_t |