diff --git a/policy/modules/services/mysql.te b/policy/modules/services/mysql.te index 728f500..d42ffa3 100644 --- a/policy/modules/services/mysql.te +++ b/policy/modules/services/mysql.te @@ -1,5 +1,5 @@ -policy_module(mysql, 1.11.0) +policy_module(mysql, 1.11.1) ######################################## # @@ -64,7 +64,7 @@ files_tmp_filetrans(mysqld_t, mysqld_tmp_t, { file dir }) manage_files_pattern(mysqld_t, mysqld_var_run_t, mysqld_var_run_t) manage_sock_files_pattern(mysqld_t, mysqld_var_run_t, mysqld_var_run_t) -files_pid_filetrans(mysqld_t, mysqld_var_run_t,{ file sock_file }) +files_pid_filetrans(mysqld_t, mysqld_var_run_t, { file sock_file }) kernel_read_system_state(mysqld_t) kernel_read_kernel_sysctls(mysqld_t) @@ -137,9 +137,14 @@ allow mysqld_safe_t self:fifo_file rw_fifo_file_perms; domtrans_pattern(mysqld_safe_t, mysqld_exec_t, mysqld_t) allow mysqld_safe_t mysqld_log_t:file manage_file_perms; + +allow mysqld_safe_t mysqld_var_run_t:sock_file unlink; + +domain_read_all_domains_state(mysqld_safe_t) + logging_log_filetrans(mysqld_safe_t, mysqld_log_t, file) -kernel_read_system_state(mysqld_safe_t) +kernel_read_system_state(mysqld_safe_t) dev_list_sysfs(mysqld_safe_t) @@ -150,9 +155,9 @@ corecmd_exec_bin(mysqld_safe_t) hostname_exec(mysqld_safe_t) -miscfiles_read_localization(mysqld_safe_t) +miscfiles_read_localization(mysqld_safe_t) -mysql_append_db_files(mysqld_safe_t) +mysql_manage_db_files(mysqld_safe_t) mysql_read_config(mysqld_safe_t) mysql_search_pid_files(mysqld_safe_t) mysql_write_log(mysqld_safe_t)