subject not able to connect()to /var/run/mysqld/mysqld.sock?

Submit your RBAC policies or suggest policy improvements

Moderators: spender, PaX Team

subject not able to connect()to /var/run/mysqld/mysqld.sock?

Postby law » Fri Feb 29, 2008 4:16 pm

Hey all, I'm trying to get mysqladmin to play nice under grsec. I've got a policy defined like so:

subject /usr/local/mysql-5.0.45-linux-i686-glibc23/bin/mysqldump {
# Conf dir
/etc/mysql r

# Data dir
/var/lib/mysql rwcdl

# Log dir
/var/mysql rwcdl

# /tmp
/tmp rwcd

# Mysql socket dir
/var/run/mysql rwcdl
/var/run/mysql/* rwcdl

# Bind to mysql port
bind 0.0.0.0/0:3306 stream tcp

}

Why aren't either of the /var/run/mysql objects matching? The error message in grsec.err is:
(root:U:/usr/local/mysql-5.0.45-linux-i686-glibc23/bin/mysqldump) denied connect() to the unix domain socket /var/run/mysqld/mysqld.sock by /usr/local/mysql-5.0.45-linux-i686-glibc23/bin/mysqldump[mysqldump:9117] uid/euid:0/0 gid/egid:0/0, parent /bin/bash[sh:9116] uid/euid:0/0 gid/egid:0/0

Thoughts? Many thanks in advance!
--Lee
law
 
Posts: 15
Joined: Wed Jun 27, 2007 2:21 pm

Re: subject not able to connect()to /var/run/mysqld/mysqld.sock?

Postby law » Fri Feb 29, 2008 5:03 pm

Actually, scratch that. There's a world of difference between "mysql" and *"mysqld"*! Must... get... coffee... :P

--Lee
law
 
Posts: 15
Joined: Wed Jun 27, 2007 2:21 pm


Return to RBAC policy development

cron