在新安装 MySQL 后进行启动发现报错
MySQL 启动服务命令
- systemctl start [email protected]
- Starting mysqld (via systemctl):? Job for mysqld.service failed because the control process exited with error code. See "systemctl status mysqld3306.service" and "journalctl -xe" for details.
按照错误提示信息进行排查
- systemctl status mysqld3306.service
- journalctl -xe
尝试连接 MySQL 报错查看 sock 文件夹发现 sock 文件丢失
- [[email protected] mysqldata3309]# MySQL -uroot -S /data/mysqldata3309/sock/MySQL.sock -p"Ygadb(vw<6ae"
- MySQL: [Warning] Using a password on the command line interface can be insecure.
- ERROR 2002 (HY000): Can't connect to local MySQL server through socket'/data/mysqldata3309/sock/MySQL.sock' (2)
使用命令 journalctl -xe 查看报错具体原因, 发现红色找字体的日志: SELinux is preventing mysqld from getattr access on the file /var/lib/MySQL/ibdata1. For complete SELinux messages run: sealert -l
发现是 selinux 限制导致 MySQL 服务启动失败
解决办法
1. 查看 SELinux 状态
1.1 getenforce
getenforce? 命令是单词 get(获取) 和 enforce(执行) 连写, 可查看 selinux 状态, 与 setenforce 命令相反.
setenforce? 命令则是单词 set(设置) 和 enforce(执行) 连写, 用于设置 selinux 防火墙状态, 如:?setenforce 0 用于关闭 selinux 防火墙, 但重启后失效
- [[email protected] ~]# getenforce
- Enforcing
- 1.2 /usr/sbin/sestatus
Current mode 表示当前 selinux 防火墙的安全策略
- [[email protected] ~]# /usr/sbin/sestatus
- SELinux status: enabled
- SELinuxfs mount: /sys/fs/selinux
- SELinux root directory: /etc/selinux
- Loaded policy name: targeted
- Current mode: enforcing
- Mode from config file: enforcing
- Policy MLS status: enabled
- Policy deny_unknown status: allowed
- Max kernel policy version: 28
SELinux status:selinux 防火墙的状态, enabled 表示启用 selinux 防火墙
Current mode: selinux 防火墙当前的安全策略, enforcing 表示强
2. 关闭 SELinux
2.1 临时关闭
setenforce 0?: 用于关闭 selinux 防火墙, 但重启后失效.
- [[email protected] ~]# setenforce 0
- [[email protected] ~]# /usr/sbin/sestatus
- SELinux status: enabled
- SELinuxfs mount: /sys/fs/selinux
- SELinux root directory: /etc/selinux
- Loaded policy name: targeted
- Current mode: permissive
- Mode from config file: enforcing
- Policy MLS status: enabled
- Policy deny_unknown status: allowed
- Max kernel policy version: 28
2.1 永久关闭
修改 selinux 的配置文件, 重启后生效.
打开 selinux 配置文件
[[email protected] ~]# VIM /etc/selinux/config
修改 selinux 配置文件
将 SELINUX=enforcing 改为 SELINUX=disabled, 保存后退出
This file controls the state of SELinux on the system.
SELINUX= can take one of these three values:
enforcing - SELinux security policy is enforced.
permissive - SELinux prints warnings instead of enforcing.
disabled - No SELinux policy is loaded.
- SELINUX=enforcing
- SELINUXTYPE= can take one of three two values:
- targeted - Targeted processes are protected,
minimum - Modification of targeted policy. Only selected processes are protected.
mls - Multi Level Security protection.
SELINUXTYPE=targeted
此时获取当前 selinux 防火墙的安全策略仍为 Enforcing, 配置文件并未生效.
- [[email protected] ~]# getenforce
- Enforcing
重启
[[email protected] ~]# reboot
验证
- [[email protected] ~]# /usr/sbin/sestatus
- SELinux status: disabled
- [[email protected] ~]# getenforce
- Disabled
然后重启 MySQL 服务, 连接正常
来源: http://www.bubuko.com/infodetail-3632363.html