Chapter 9. MySQL

The MySQL database is a multi-user, multi-threaded SQL database server that consists of the MySQL server daemon (mysqld) and many client programs and libraries.[7]
In Red Hat Enterprise Linux, the mysql-server package provides MySQL. Run the rpm -q mysql-server command to see if the mysql-server package is installed. If it is not installed, run the following command as the root user to install it: 
~]# yum install mysql-server

9.1. MySQL and SELinux

When MySQL is enabled, it runs confined by default. Confined processes run in their own domains, and are separated from other confined processes. If a confined process is compromised by an attacker, depending on SELinux policy configuration, an attacker's access to resources and the possible damage they can do is limited. The following example demonstrates the MySQL processes running in their own domain. This example assumes the mysql package is installed:
  1. Run the getenforce command to confirm SELinux is running in enforcing mode: 
    ~]$ getenforce
Enforcing
    The getenforce command returns Enforcing when SELinux is running in enforcing mode.
  2. Run the service mysqld start command as the root user to start mysqld: 
    ~]# service mysqld start
Initializing MySQL database:  Installing MySQL system tables... [  OK  ]
Starting MySQL:                                            	[  OK  ]
  3. Run the ps -eZ | grep mysqld command to view the mysqld processes: 
    ~]$ ps -eZ | grep mysqld
unconfined_u:system_r:mysqld_safe_t:s0 6035 pts/1 00:00:00 mysqld_safe
unconfined_u:system_r:mysqld_t:s0 6123 pts/1   00:00:00 mysqld
    The SELinux context associated with the mysqld processes is unconfined_u:system_r:mysqld_t:s0. The second last part of the context, mysqld_t, is the type. A type defines a domain for processes and a type for files. In this case, the mysqld processes are running in the mysqld_t domain.

[7] Refer to the MySQL project page for more information.