MDEV-10767 /tmp/wsrep_recovery.${RANDOM} file created in unallowed SELinux context

Problem:- To create file in /tmp dir mysqld require permission initrc_tmp_t. And mysqld does not have his permission. Solution:- Instead of giving mysqld permission of initrc_tmp_t , we redirected log to file in /tmp dir through shell. I also removed a earlier workarround in mysqld_safe.sh , which create tmp log file in datadir.
2025-07-25 16:39:52 +00:00 · 2017-09-11 17:46:56 +05:30
parent c9e111202e
commit bb7a70c955
2 changed files with 4 additions and 4 deletions
--- a/scripts/galera_recovery.sh
+++ b/scripts/galera_recovery.sh
@ -69,7 +69,7 @@ parse_arguments() {
 wsrep_recover_position() {
  # Redirect server's error log to the log file.
  eval /usr/sbin/mysqld $cmdline_args --user=$user --wsrep_recover \
-    --log-error="$log_file"
+    --disable-log-error 2> "$log_file"
  ret=$?
  if [ $ret -ne 0 ]; then
    # Something went wrong, let us also print the error log so that it
--- a/scripts/mysqld_safe.sh
+++ b/scripts/mysqld_safe.sh
@ -246,7 +246,7 @@ wsrep_recover_position() {
  local euid=$(id -u)
  local ret=0

-  local wr_logfile=$(mktemp $DATADIR/wsrep_recovery.XXXXXX)
+  local wr_logfile=$(mktemp wsrep_recovery.XXXXXX)

  # safety checks
  if [ -z $wr_logfile ]; then
@ -264,11 +264,11 @@ wsrep_recover_position() {

  local wr_pidfile="$DATADIR/"`@HOSTNAME@`"-recover.pid"

-  local wr_options="--log_error='$wr_logfile' --pid-file='$wr_pidfile'"
+  local wr_options="--disable-log-error  --pid-file='$wr_pidfile'"

  log_notice "WSREP: Running position recovery with $wr_options"

-  eval_log_error "$mysqld_cmd --wsrep_recover $wr_options"
+  eval_log_error "$mysqld_cmd --wsrep_recover $wr_options 2> $wr_logfile"

  local rp="$(grep 'WSREP: Recovered position:' $wr_logfile)"
  if [ -z "$rp" ]; then