Bug#22286481 UNABLE TO START SERVER/CREATE DB WHEN SELINUX ENABLED WI…

…TH ENFORCING

Bug#22314098 MYSQL 5.7 SERVER START FAILING AFTER INSTALLATION

Due to SELinux policy mysqld can't read init-file located elsewhere than
/var/lib/mysql. --initialize wants clean datadir.

Move installing of validate password plugin to after initialize
is done and use /var/lib/mysql as directory for init-file option.

Use of other directory than /var/lib/mysql caused SELinux to deny
access to file used as argument to --init-file. This broke initscript for
new installations

SELinux on Fedora don't accept access to /tmp for mysqld, use /var/tmp
instead.

packaging/rpm-fedora/mysql.spec.in

@@ -389,6 +389,7 @@ mkdir debug
            -DBUILD_CONFIG=mysql_release \
            -DINSTALL_LAYOUT=RPM \
            -DCMAKE_BUILD_TYPE=Debug \
+           -DTMPDIR=/var/tmp \
            -DWITH_BOOST=.. \
            -DWITH_MECAB=system \
            -DCMAKE_C_FLAGS="$optflags" \
@@ -416,6 +417,7 @@ mkdir release
            -DBUILD_CONFIG=mysql_release \
            -DINSTALL_LAYOUT=RPM \
            -DCMAKE_BUILD_TYPE=RelWithDebInfo \
+           -DTMPDIR=/var/tmp \
            -DWITH_BOOST=.. \
            -DWITH_MECAB=system \
            -DCMAKE_C_FLAGS="%{optflags}" \

packaging/rpm-oel/mysql.init

@@ -61,15 +61,12 @@ esac
 install_validate_password_sql_file () {
     local dir
     local initfile
-    if [ -d /var/lib/mysql-files ]; then
-        dir=/var/lib/mysql-files
-    else
-        dir=/tmp
-    fi
+    dir=/var/lib/mysql
     initfile="$(mktemp $dir/install-validate-password-plugin.XXXXXX.sql)"
     chown mysql:mysql "$initfile"
-    echo "INSERT INTO mysql.plugin (name, dl) VALUES ('validate_password', 'validate_password.so');" > $initfile
-    echo $initfile
+    echo "INSERT INTO mysql.plugin (name, dl) VALUES ('validate_password', 'validate_password.so');" > "$initfile"
+    echo "SHUTDOWN;" >> "$initfile"
+    echo "$initfile"
 }
 
 start(){
@@ -86,9 +83,9 @@ start(){
 	action $"Starting $prog: " /bin/true
 	ret=0
     else
-    	# prepare for start
+	# prepare for start
 	touch "$errlogfile"
-	chown mysql:mysql "$errlogfile" 
+	chown mysql:mysql "$errlogfile"
 	chmod 0640 "$errlogfile"
 	[ -x /sbin/restorecon ] && /sbin/restorecon "$errlogfile"
 	if [ ! -d "$datadir/mysql" ] ; then
@@ -99,19 +96,26 @@ start(){
 	    fi
 	    chown mysql:mysql "$datadir"
 	    chmod 0751 "$datadir"
-	    [ -x /sbin/restorecon ] && /sbin/restorecon "$datadir"
+	    if [ -x /sbin/restorecon ] ; then
+		/sbin/restorecon "$datadir"
+		if [ -x /usr/sbin/semanage -a -d /var/lib/mysql -a -d /var/lib/mysql-files ] ; then
+		    /usr/sbin/semanage fcontext -a -e /var/lib/mysql /var/lib/mysql-files >/dev/null 2>&1
+		    /sbin/restorecon /var/lib/mysql-files
+		fi
+	    fi
 	    # Now create the database
-            initfile="$(install_validate_password_sql_file)"
-	    action $"Initializing MySQL database: " /usr/sbin/mysqld --initialize --datadir="$datadir" --user=mysql --init-file="$initfile"
+	    action $"Initializing MySQL database: " /usr/sbin/mysqld --initialize --datadir="$datadir" --user=mysql
+	    ret=$?
+	    [ $ret -ne 0 ] && return $ret
+	    initfile="$(install_validate_password_sql_file)"
+	    action $"Installing validate password plugin: " /usr/sbin/mysqld --datadir="$datadir" --user=mysql --init-file="$initfile"
 	    ret=$?
-            rm -f "$initfile"
+	    rm -f "$initfile"
 	    chown -R mysql:mysql "$datadir"
-            # Generate certs if needed
-            if [ -x /usr/bin/mysql_ssl_rsa_setup -a ! -e "${datadir}/server-key.pem" ] ; then
-                /usr/bin/mysql_ssl_rsa_setup --datadir="$datadir" --uid=mysql >/dev/null 2>&1
-            fi
-	    if [ $ret -ne 0 ] ; then
-		return $ret
+	    [ $ret -ne 0 ] && return $ret
+	    # Generate certs if needed
+	    if [ -x /usr/bin/mysql_ssl_rsa_setup -a ! -e "${datadir}/server-key.pem" ] ; then
+		/usr/bin/mysql_ssl_rsa_setup --datadir="$datadir" --uid=mysql >/dev/null 2>&1
 	    fi
 	fi
 	chown mysql:mysql "$datadir"
@@ -164,7 +168,7 @@ stop(){
 	    action $"Stopping $prog: " /bin/true
 	    return 0
 	fi
-	MYSQLPID=`cat "$mypidfile"`
+	MYSQLPID=$(cat "$mypidfile")
 	if [ -n "$MYSQLPID" ]; then
 	    /bin/kill "$MYSQLPID" >/dev/null 2>&1
 	    ret=$?
@@ -194,7 +198,7 @@ stop(){
 	fi
 	return $ret
 }
- 
+
 restart(){
     stop
     start