Chapter 9. MySQL
The MySQL database is a multi-user, multi-threaded SQL database server that consists of the MySQL server daemon (
mysqld) and many client programs and libraries.[7]
In Red Hat Enterprise Linux, the mysql-server package provides MySQL. Run the
rpm -q mysql-server command to see if the mysql-server package is installed. If it is not installed, run the following command as the root user to install it:
~]# yum install mysql-server9.1. MySQL and SELinux
When MySQL is enabled, it runs confined by default. Confined processes run in their own domains, and are separated from other confined processes. If a confined process is compromised by an attacker, depending on SELinux policy configuration, an attacker's access to resources and the possible damage they can do is limited. The following example demonstrates the MySQL processes running in their own domain. This example assumes the mysql package is installed:
- Run the
getenforcecommand to confirm SELinux is running in enforcing mode:~]$
getenforceEnforcingThegetenforcecommand returnsEnforcingwhen SELinux is running in enforcing mode. - Run the
service mysqld startcommand as the root user to startmysqld:~]#
service mysqld startInitializing MySQL database: Installing MySQL system tables... [ OK ] Starting MySQL: [ OK ] - Run the
ps -eZ | grep mysqldcommand to view themysqldprocesses:~]$
ps -eZ | grep mysqldunconfined_u:system_r:mysqld_safe_t:s0 6035 pts/1 00:00:00 mysqld_safe unconfined_u:system_r:mysqld_t:s0 6123 pts/1 00:00:00 mysqldThe SELinux context associated with themysqldprocesses isunconfined_u:system_r:mysqld_t:s0. The second last part of the context,mysqld_t, is the type. A type defines a domain for processes and a type for files. In this case, themysqldprocesses are running in themysqld_tdomain.
