I was testing TokuDB on Percona Server 5.6 in a VM running CentOS 6. The OS has SELinux enforcing. Instructions for installing are here: http://www.percona.com/doc/percona-server/5.6/tokudb/tokudb_installation.html The commands required to install the TokuDB engine are: INSTALL PLUGIN tokudb SONAME 'ha_tokudb.so'; INSTALL PLUGIN tokudb_file_map SONAME 'ha_tokudb.so'; INSTALL PLUGIN tokudb_fractal_tree_info SONAME 'ha_tokudb.so'; INSTALL PLUGIN tokudb_fractal_tree_block_map SONAME 'ha_tokudb.so'; INSTALL PLUGIN tokudb_trx SONAME 'ha_tokudb.so'; INSTALL PLUGIN tokudb_locks SONAME 'ha_tokudb.so'; INSTALL PLUGIN tokudb_lock_waits SONAME 'ha_tokudb.so'; However the first one always fails with this error in the mysql log file: [ERROR] TokuDB is not initialized because jemalloc is not loaded I checked mysqld_safe and the script coming with Percona Server already seems to preload libjemalloc. I checked in the Checking the audit log, there are no deny entries. However running with The reason for this is that mysqld_safe transitions from mysqld_safe_t to mysqld_t when it runs mysqld and selinux when transitioning ignores LD_PRELOAD by default (details here: http://blog.siphos.be/2011/04/selinux-and-noatsecure-or-why-portage-complains-about-ld_preload-and-libsandbox-so/) To fix: module mysqld_safe_preload 0.1; require { type mysqld_safe_t; type mysqld_t; class process { noatsecure } ; } allow mysqld_safe_t mysqld_t:process { noatsecure }; This ensures that AT_SECURE is not set by SELinux when mysqld_safe_t executes mysqld and transitions to mysqld_t. |
Random Notes >