Announcement

Announcement Module
Collapse
No announcement yet.

CentOS 5 and Percona Startup (and my.cnf feedback request)

Page Title Module
Move Remove Collapse
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • #31
    I see we never published benchmarks on that. I'll ask Vadim if he still has the numbers and can blog about it. I don't want to quote something from memory and be wrong, but I'm pretty sure the performance hit was into the double digit percents, which is a non-negligible amount of money on large applications. Although it's possible that newer distros are improved in this regard.

    Comment


    • #32
      Here are the details of the issues:

      [root@tigdb1 ~]# ausearch -ts 22:43:33
      ----
      time->Sun Sep 11 22:43:40 2011
      type=SYSCALL msg=audit(1315795420.425:136528): arch=c000003e syscall=2 success=yes exit=3 a0=1bd5d70 a1=0 a2=1bd6d70 a3=3 items=0 ppid=27910 pid=28112 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=6351 comm="mysqld" exe="/usr/sbin/mysqld" subj=unconfined_u:system_r:mysqld_t:s0 key=(null)
      type=AVC msg=audit(1315795420.425:136528): avc: denied { open } for pid=28112 comm="mysqld" name="dm-2" dev=devtmpfs ino=13198 scontext=unconfined_u:system_r:mysqld_t:s0 tcontext=system_ubject_r:fixed_disk_device_t:s0 tclass=blk_file
      type=AVC msg=audit(1315795420.425:136528): avc: denied { read } for pid=28112 comm="mysqld" name="dm-2" dev=devtmpfs ino=13198 scontext=unconfined_u:system_r:mysqld_t:s0 tcontext=system_ubject_r:fixed_disk_device_t:s0 tclass=blk_file
      ----
      time->Sun Sep 11 22:43:40 2011
      type=SYSCALL msg=audit(1315795420.425:136529): arch=c000003e syscall=16 success=no exit=-22 a0=3 a1=4004fecd a2=7ffffeecc6bc a3=3 items=0 ppid=27910 pid=28112 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=6351 comm="mysqld" exe="/usr/sbin/mysqld" subj=unconfined_u:system_r:mysqld_t:s0 key=(null)
      type=AVC msg=audit(1315795420.425:136529): avc: denied { write } for pid=28112 comm="mysqld" path="/dev/dm-2" dev=devtmpfs ino=13198 scontext=unconfined_u:system_r:mysqld_t:s0 tcontext=system_ubject_r:fixed_disk_device_t:s0 tclass=blk_file
      ----
      time->Sun Sep 11 22:43:41 2011
      type=SYSCALL msg=audit(1315795421.840:136530): arch=c000003e syscall=2 success=yes exit=11 a0=1ba5008 a1=441 a2=1b0 a3=10 items=0 ppid=27910 pid=28112 auid=0 uid=497 gid=495 euid=497 suid=497 fsuid=497 egid=495 sgid=495 fsgid=495 tty=pts0 ses=6351 comm="mysqld" exe="/usr/sbin/mysqld" subj=unconfined_u:system_r:mysqld_t:s0 key=(null)
      type=AVC msg=audit(1315795421.840:136530): avc: denied { open } for pid=28112 comm="mysqld" name="mysql-slow.log" dev=dm-0 ino=789438 scontext=unconfined_u:system_r:mysqld_t:s0 tcontext=unconfined_ubject_r:var_run_t:s0 tclass=file
      type=AVC msg=audit(1315795421.840:136530): avc: denied { append } for pid=28112 comm="mysqld" name="mysql-slow.log" dev=dm-0 ino=789438 scontext=unconfined_u:system_r:mysqld_t:s0 tcontext=unconfined_ubject_r:var_run_t:s0 tclass=file

      Comment


      • #33
        create a file mysqllocal.te anywhere on the filesystem with contents

        module mysqllocal 1.1;require { type syslogd_t; type mysqld_safe_t; type mysqld_t; type mysqld_log_t; type devlog_t; type fixed_disk_device_t; type sysctl_fs_t; type var_lib_nfs_t; class sock_file write; class unix_dgram_socket { write create connect sendto }; class dir { write remove_name read add_name search }; class blk_file { read write open };}#============= mysqld_safe_t ==============allow mysqld_safe_t devlog_t:sock_file write;allow mysqld_safe_t self:unix_dgram_socket { write create connect };allow mysqld_safe_t syslogd_t:unix_dgram_socket sendto;allow mysqld_t mysqld_log_t:dir { write remove_name read add_name };allow mysqld_t fixed_disk_device_t:blk_file { read write open };allow mysqld_t sysctl_fs_t:dir search;allow mysqld_t var_lib_nfs_t:dir search;


        run
        checkmodule -M -m -o mysqllocal.mod mysqllocal.te
        semodule_package -o mysqllocal.pp -m mysqllocal.mod
        semodule -i mysqllocal.pp

        in my case all logs go to /var/log/mysql/ with context system_ubject_r:mysqld_log_t:s0
        you can go the same way
        mkdir /var/log/mysql/
        chown mysql:mysql /var/log/mysql/
        semanage fcontext -a -t mysqld_log_t "/var/log/mysql(/.*)?"


        You shoud have no problems since then. Don't forget to make changes to /etc/my.cnf

        Comment


        • #34
          Thanks. Which my.cnf lines have you changed to move logs there? (which logs - all logs or binary logs?)

          The commands worked but with setenforce 1 it's still giving the error, so must be the logs...

          Comment


          • #35
            all logs. Bin, slow, general. All of them

            Comment

            Working...
            X