https://github.com/MariaDB/server/commit/8fcdd6b0ecbb966f4479856efe93a963a7a...
Change committed 12/24/2016
[root@server~]# audit2allow -w -a type=AVC msg=audit(1483109493.114:191353): avc: denied { setgid } for pid=19833 comm="mysqld_safe_hel" capability=6 scontext=unconfined_u:system_r:mysqld_safe_t:s0 tcontext=unconfined_u:system_r:mysqld_safe_t:s0 tclass=capability Was caused by: Missing type enforcement (TE) allow rule.
You can use audit2allow to generate a loadable module to allow this access.
[root@server ~]# audit2allow -a #============= mysqld_safe_t ============== allow mysqld_safe_t self:capability { setgid setuid };
I created a temporary policy to allow it so Selinux remains online.
This is a first for me for MySQL/mariaDB. Did they break something?
module MariaDB-5.5.54-mysqlhelper 1.0;
require { type mysqld_safe_t; class capability { setgid setuid }; }
#============= mysqld_safe_t ============== allow mysqld_safe_t self:capability { setgid setuid };
selinux@lists.fedoraproject.org