Running SELinux and MySQL on the NFS partition

If your data (MySQL database) resides in the NFS (Network File System) directory, and if it is a SELinux enabled box, then follow these steps.

Note: You must install TestLink (MySQL) locally var/lib/mysql before moving it to NFS.

Stop MySQL.
Move /var/lib/mysql to /shared/mysql.
Mount mysql with the special SELinux options as a separate mount. The following is the entry in the fstab.
```
tejas-cloud.maa.collab.net:/vol/selinux_mysql /shared nfs rw,tcp,nfsvers=3,rsize=32768,wsize=32768,intr,hard

tejas-cloud.maa.collab.net:/vol/selinux_mysql/mysql /var/lib/mysql nfs rw,tcp,nfsvers=3,rsize=32768,wsize=32768,
intr,hard,nosharecache,context="system_u:object_r:mysqld_db_t:s0"
```
- Here, the /shared NFS mount has SELinux context set to nfs_t, which is used by the TeamForge /shared share.
- /var/lib/mysql has been mounted with the SELinux context of system_u:object_r:mysqld_db_t:s0 and with the option nosharecache.
Start MySQL and it will fail because of the mysql.sock issue.

As a workaround to keep mysql.sock under /var/lib/mysql, we have defined the below policy module and installed it on the server.

semanage fcontext -a -t mysqld_db_t "/var/lib/mysql/testlink(/.*)?"
restorecon -R -v /var/lib/mysql/testlink
grep mysqld /var/log/audit/audit.log | grep -v httpd | audit2allow 
#============= mysqld_var_run_t ============== 
allow mysqld_var_run_t mysqld_db_t:filesystem associate; 

grep mysqld /var/log/audit/audit.log | grep -v httpd | audit2allow -M mysql_var_run_fix 
******************** IMPORTANT ***********************

Warning: When you run this command, for any reason, if you do not get the exact results as shown above, please contact the Technical Support.

To make this policy package active, execute the following:

semodule -i mysql_var_run_fix.pp

Start MySQL.