Uploaded image for project: 'Percona Server'
  1. Percona Server
  2. PS-3059

LP #1246288: mysqld_safe drops caches in 5.6

    Details

    • Type: Bug
    • Status: Done
    • Priority: Low
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: None

      Description

      **Reported in Launchpad by David Busby last update 30-10-2013 12:34:57

      PS 56-5.6.14-rel62

      Line 773 -> 774 of mysqld_safe:

      """

      1. Purge page cache, dentires and inodes.
        elif ! sysctl -q-w vm.drop_caches=3
        """

      This also leads (rightly so) to an selinux denial (tested on Fedora19):


      Additional Information:
      Source Context unconfined_u:system_r:mysqld_safe_t:s0
      Target Context system_u:object_r:sysctl_vm_t:s0
      Target Objects /proc/sys/vm/drop_caches [ file ]
      Source sysctl
      Source Path /usr/sbin/sysctl
      Port <Unknown>
      Host phobetor-oneiroi-co-uk
      Source RPM Packages procps-ng-3.3.8-10.fc19.x86_64
      Target RPM Packages
      Policy RPM selinux-policy-3.12.1-74.10.fc19.noarch
      Selinux Enabled True
      Policy Type targeted
      Enforcing Mode Enforcing
      Host Name phobetor-oneiroi-co-uk
      Platform Linux phobetor-oneiroi-co-uk
      3.11.6-200.fc19.x86_64 #1 SMP Fri Oct 18 22:34:18
      UTC 2013 x86_64 x86_64
      Alert Count 16
      First Seen 2013-10-19 14:02:02 BST
      Last Seen 2013-10-30 12:16:19 GMT
      Local ID aee4f2c2-c57f-4da3-a9f8-659768f9a645

      Raw Audit Messages
      type=AVC msg=audit(1383135379.894:520): avc: denied

      { getattr }

      for pid=3675 comm="sysctl" path="/proc/sys/vm/drop_caches" dev="proc" ino=21262 scontext=unconfined_u:system_r:mysqld_safe_t:s0 tcontext=system_u:object_r:sysctl_vm_t:s0 tclass=file

      type=SYSCALL msg=audit(1383135379.894:520): arch=x86_64 syscall=stat success=no exit=EACCES a0=2312080 a1=7ffff3a2b290 a2=7ffff3a2b290 a3=3580531fd0 items=0 ppid=3040 pid=3675 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 ses=2 tty=(none) comm=sysctl exe=/usr/sbin/sysctl subj=unconfined_u:system_r:mysqld_safe_t:s0 key=(null)

      Hash: sysctl,mysqld_safe_t,sysctl_vm_t,file,getattr

      Surely we should not be dropping system wide caches on a mysql startup for production systems? we have no way of knowing if PS is being deployed onto a dedicated system; dropping caches on a shared system could lead issues.

        Smart Checklist

          Attachments

            Activity

              People

              • Assignee:
                Unassigned
                Reporter:
                lpjirasync lpjirasync (Inactive)
              • Votes:
                0 Vote for this issue
                Watchers:
                1 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: