grsecurity forums


https://forums.grsecurity.net./

subject not able to connect()to /var/run/mysqld/mysqld.sock?

https://forums.grsecurity.net./viewtopic.php?f=5&t=1914

Page 1 of 1

subject not able to connect()to /var/run/mysqld/mysqld.sock?

PostPosted: Fri Feb 29, 2008 4:16 pm
by law
Hey all, I'm trying to get mysqladmin to play nice under grsec. I've got a policy defined like so:

subject /usr/local/mysql-5.0.45-linux-i686-glibc23/bin/mysqldump {
# Conf dir
/etc/mysql r

# Data dir
/var/lib/mysql rwcdl

# Log dir
/var/mysql rwcdl

# /tmp
/tmp rwcd

# Mysql socket dir
/var/run/mysql rwcdl
/var/run/mysql/* rwcdl

# Bind to mysql port
bind 0.0.0.0/0:3306 stream tcp

}

Why aren't either of the /var/run/mysql objects matching? The error message in grsec.err is:
(root:U:/usr/local/mysql-5.0.45-linux-i686-glibc23/bin/mysqldump) denied connect() to the unix domain socket /var/run/mysqld/mysqld.sock by /usr/local/mysql-5.0.45-linux-i686-glibc23/bin/mysqldump[mysqldump:9117] uid/euid:0/0 gid/egid:0/0, parent /bin/bash[sh:9116] uid/euid:0/0 gid/egid:0/0

Thoughts? Many thanks in advance!
--Lee

Re: subject not able to connect()to /var/run/mysqld/mysqld.sock?

PostPosted: Fri Feb 29, 2008 5:03 pm
by law
Actually, scratch that. There's a world of difference between "mysql" and *"mysqld"*! Must... get... coffee... :P

--Lee
All times are UTC - 5 hours [ DST ]
Page 1 of 1
Powered by phpBB® Forum Software © phpBB Group
https://www.phpbb.com/