Making SELinux work with a MariaDB Galera Cluster

In my last article, I have described how I did to set up a Galera Cluster. The process works fine if you disable SELinux, however, more than one would like it on for security reasons.

Symptom

You may find one of the following lines in your log:

Read: ''rsync' not found in PATH'Read: ''rsync' not found in PATH''/usr//bin/wsrep_sst_rsync: line 350: /usr//bin/rsync: Permission denied'
rsyncd version 3.0.9 starting, listening on port 4444
bind() failed: Permission denied (address-family 2)
unable to bind any inbound sockets on port 4444

SELinux Configuration

You will need to install the policycoreutils-python package. After that, run the following sequence.

grep mysql /var/log/audit/audit.log | audit2allow -M galera
semodule -i galera.pp
grep rsync /var/log/audit/audit.log | audit2allow -M galera-rsync
semodule -i galera-rsync.pp

You will need to run this more than once, as the log will need more evidence to build the proper policy.

Good luck!