ProxySQL 1.4.12 RHEL7 package: Logrotate + SELinux Issue

Hi everyone!

We’re using the RHEL 7 ProxySQL package from Percona repository to connect to our XtraDB cluster nodes.

Everything works fine except for the logfile rotation. After doing some research I realized that SELinux denies the ‘mysql’ command line tool access to port 6032.

These lines are used as ‘postrotate’ command in the logrotate configuration:

. /etc/proxysql-admin.cnf
/usr/bin/printf "%s\n" "[client]" "user=${PROXYSQL_USERNAME}" "password=${PROXYSQL_PASSWORD}" "host=${PROXYSQL_HOSTNAME}" "port=${PROXYSQL_PORT}" | /usr/bin/mysql --defaults-file=/dev/stdin --protocol=tcp -Nse "PROXYSQL FLUSH LOGS"

I wonder why no one else has this issue - I couldn’t find any similar report.

IMHO the RHEL package should also install a SELinux module to allow accessing the needed port. Or register the port with SELinux… I’m not sure which is the preferred way with SELinux - I’m a newbie on this territory.

Best regards

Hi, thanks for your question. Can I check that you saw this documentation? Lower down there’s some specific advice for SELinux: [link not preserved]

Also here: [link not preserved]

In this blog, too, there is some specific advice on ports: https://www.percona.com/blog/2018/06/21/enforcing-selinux-with-percona-xtradb-cluster/

If none of these help, don’t hesitate to say and I’ll ask one of the team to look in. Thanks!

Thanks for your reply!

The last link tells more or less what I did in the end… I compiled a module of my own to define a port and allow logrotate to access it. But I expected from a RHEL package that it would work right away.

To enable permissive mode is not really a solution IMHO…

Here is the content of the module I wrote:

module logrotate_proxysql 1.0;

require {
    type logrotate_t;
    class tcp_socket name_connect;
    attribute port_type;
};

type admin_proxysql_port_t, port_type;

allow logrotate_t admin_proxysql_port_t:tcp_socket name_connect;

Thanks.
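The following script is an added example and not code from this thread or from the Percona package. It takes the diagnostic step the poster described (finding the SELinux denial) and carries it through to the module above: it reduces an AVC line from the audit log to source type, target type, class and permission, generates the same type-enforcement source as a file, and wraps the build, load and port-labelling commands. It also covers the one step the .te file alone does not perform: `semanage port -a` is what actually attaches the new type to port 6032; without it the allow rule never matches. The AVC line is a constructed sample; the module name `logrotate_proxysql`, the port type `admin_proxysql_port_t` and port 6032 are taken from the thread, and the parser works for any single-line AVC denial, not only this one.

```shell
#!/bin/sh
# Added example (not from the thread): map a logrotate -> ProxySQL admin port
# AVC denial to the SELinux module the poster shared, and show the steps that
# make the port label effective. Assumptions: admin port 6032, module name
# logrotate_proxysql, port type admin_proxysql_port_t.

PROXYSQL_ADMIN_PORT="${PROXYSQL_ADMIN_PORT:-6032}"
MODULE_NAME="logrotate_proxysql"
PORT_TYPE="admin_proxysql_port_t"

# Constructed sample of the denial that "ausearch -m avc -c mysql" would show
# when logrotate's postrotate runs the mysql client against port 6032. Before
# the port is labelled, 6032 falls under the generic unreserved_port_t type.
SAMPLE_AVC='type=AVC msg=audit(1533221234.567:123): avc:  denied  { name_connect } for  pid=1234 comm="mysql" dest=6032 scontext=system_u:system_r:logrotate_t:s0 tcontext=system_u:object_r:unreserved_port_t:s0 tclass=tcp_socket permissive=0'

# Reduce one AVC line to "source_type target_type class permission".
# Contexts are user:role:type:level, so the type is always the third field.
avc_summary() {
    printf '%s\n' "$1" | sed -n \
        's/.*avc: *denied *{ *\([^ }]*\) *}.*scontext=[^:]*:[^:]*:\([^:]*\):.*tcontext=[^:]*:[^:]*:\([^:]*\):.*tclass=\([^ ]*\).*/\2 \3 \4 \1/p'
}

# Emit the .te source: a dedicated port type plus one allow rule, so logrotate
# gains access to that port only rather than to every unreserved port.
write_te() {
    src_type=$1 tclass=$2 perm=$3
    cat <<EOF
module ${MODULE_NAME} 1.0;

require {
    type ${src_type};
    class ${tclass} ${perm};
    attribute port_type;
};

type ${PORT_TYPE}, port_type;

allow ${src_type} ${PORT_TYPE}:${tclass} ${perm};
EOF
}

# Build, load and label (run as root on the ProxySQL host). The semanage call
# is what binds the new type to the port; the .te on its own does not do that.
install_module() {
    command -v checkmodule >/dev/null 2>&1 || {
        echo "checkmodule not found: install checkpolicy / policycoreutils-python" >&2
        return 1
    }
    checkmodule -M -m -o "${MODULE_NAME}.mod" "${MODULE_NAME}.te" &&
    semodule_package -o "${MODULE_NAME}.pp" -m "${MODULE_NAME}.mod" &&
    semodule -i "${MODULE_NAME}.pp" &&
    semanage port -a -t "${PORT_TYPE}" -p tcp "${PROXYSQL_ADMIN_PORT}"
}

# Returns 0 when the denial is the source/class/permission combination the
# module grants, i.e. this module is the right fix for that AVC line.
denial_covered() {
    set -- $(avc_summary "$1")
    [ "$1" = "logrotate_t" ] && [ "$3" = "tcp_socket" ] && [ "$4" = "name_connect" ]
}

main() {
    summary=$(avc_summary "$SAMPLE_AVC") || exit 1
    set -- $summary
    write_te "$1" "$3" "$4" > "${MODULE_NAME}.te"
    echo "wrote ${MODULE_NAME}.te for: $summary"
    # install_module   # uncomment on the ProxySQL host
}

if [ "${RUN_EXAMPLE_MAIN:-0}" = 1 ]; then
    main
fi
```

Run with `RUN_EXAMPLE_MAIN=1 sh script.sh` to write the .te file; on a real host, replace `SAMPLE_AVC` with a line from `ausearch -m avc -c mysql` and confirm with `denial_covered` that the denial really is the logrotate-to-port case before loading anything. The custom port type is preferable to allowing `unreserved_port_t` outright, which would let logrotate connect to every unlabelled port on the box.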

What was wrong with my answer that it was not published? Is this some kind of censorship?

Nope there is no censorship on this Forum.

As a new member, because we get a lot of spam from bots, your answers are moderated initially, and the Forum is moderated generally from Monday to Friday.

Thanks for sharing how you fixed your code, glad you got it working.