If you are planning to mount /opt/netapp or /opt/netapp/data on an NAS or SAN device, and you have SELinux enabled, you need to be aware of the following considerations.
If are planning to mount /opt/netapp or /opt/netapp/data from anywhere other than the root file system, and you have SELinux enabled in your environment, you must set the correct context for the mounted directories. Follow these two steps for setting and confirming the correct SELinux context.
Configuring the SELinux context when /opt/netapp/data is mounted
If you have mounted /opt/netapp/data in your system and SELinux is set to Enforcing, ensure that the SELinux context type for /opt/netapp/data is set to mysqld_db_t, which is the default context element for the location of the database files.
A sample output:
drwxr-xr-x. mysql root unconfined_u:object_r:default_t:s0 /opt/netapp/data
In this output, the context is default_t that must be changed to mysqld_db_t.
Verify whether the context is set correctly: ls -dZ /opt/netapp/data/
drwxr-xr-x. mysql root unconfined_u:object_r:mysqld_db_t:s0 /opt/netapp/data/
Configuring the SELinux context when /opt/netapp is mounted
After setting the correct context for /opt/netapp/data/, ensure that the parent directory /opt/netapp does not have the SELinux context set to file_t.
Run this command to check the context: ls -dZ /opt/netapp
A sample output:
drwxr-xr-x. mysql root unconfined_u:object_r:file_t:s0 /opt/netapp
In this output, the context is file_t that must be changed. The following commands set the context to usr_t. You can set the context to any value other than file_t based on your security requirements.
If you have configured /opt/netapp in /etc/fstab, you must edit the /etc/fstab file. For the /opt/netapp mount option, add the MySQL label as: context=system_u:object_r:usr_t:s0
Verify whether the context is set correctly: ls -dZ /opt/netapp
drwxr-xr-x. mysql root unconfined_u:object_r:usr_t:s0 /opt/netapp