Hi guys,

I'm looking into SELinux in Fedora's MariaDB package and I can see that we have two types in MariaDB that have setuid/setgid capability.

1st: https://github.com/fedora-selinux/selinux-policy/blob/rawhide/policy/modules/contrib/mysql.te#L70

2nd: https://github.com/fedora-selinux/selinux-policy/blob/rawhide/policy/modules/contrib/mysql.te#L199

My question is, does mysqld_t need to have this capability?

I found that setuid/setgid is used inside mysqld_safe_helper (mariadbd-safe-helper).
Are there any other cases when MariaDB uses these functions?

Thank you for letting me know

S pozdravom/ Best regards

Lukáš Javorský

Associate Software Engineer, Core service - Databases

Red Hat

Purkyňova 115 (TPB-C)

612 00 Brno - Královo Pole