Red Hat Training

A Red Hat training course is available for Red Hat Enterprise Linux

Chapter 9. MySQL

The MySQL database is a multi-user, multi-threaded SQL database server that consists of the MySQL server daemon (mysqld) and many client programs and libraries.[7]
In Red Hat Enterprise Linux, the mysql-server package provides MySQL. Run the rpm -q mysql-server command to see if the mysql-server package is installed. If it is not installed, run the following command as the root user to install it:
~]# yum install mysql-server

9.1. MySQL and SELinux

When MySQL is enabled, it runs confined by default. Confined processes run in their own domains, and are separated from other confined processes. If a confined process is compromised by an attacker, depending on SELinux policy configuration, an attacker's access to resources and the possible damage they can do is limited. The following example demonstrates the MySQL processes running in their own domain. This example assumes the mysql package is installed:
  1. Run the getenforce command to confirm SELinux is running in enforcing mode:
    ~]$ getenforce
    Enforcing
    
    The getenforce command returns Enforcing when SELinux is running in enforcing mode.
  2. Run the service mysqld start command as the root user to start mysqld:
    ~]# service mysqld start
    Initializing MySQL database:  Installing MySQL system tables... [  OK  ]
    Starting MySQL:                                            	[  OK  ]
    
  3. Run the ps -eZ | grep mysqld command to view the mysqld processes:
    ~]$ ps -eZ | grep mysqld
    unconfined_u:system_r:mysqld_safe_t:s0 6035 pts/1 00:00:00 mysqld_safe
    unconfined_u:system_r:mysqld_t:s0 6123 pts/1   00:00:00 mysqld
    
    The SELinux context associated with the mysqld processes is unconfined_u:system_r:mysqld_t:s0. The second last part of the context, mysqld_t, is the type. A type defines a domain for processes and a type for files. In this case, the mysqld processes are running in the mysqld_t domain.


[7] Refer to the MySQL project page for more information.