If you enable certain MySQL features, you might need to set the SELinux TCP port context for additional ports used by those features. If ports used by MySQL features do not have the correct SELinux context, the features might not function correctly.
The following sections describe how to set port contexts for MySQL features. Generally, the same method can be used to set the port context for any MySQL feature. For information about ports used by MySQL features, refer to the MySQL Port Reference.
For MySQL 9.0, enabling mysql_connect_any is not required or recommended.
setsebool -P mysql_connect_any=ON
If SELinux is enabled, you must set the port context for the Group Replication communication port, which is defined by the group_replication_local_address variable. mysqld must be able to bind to the Group Replication communication port and listen there. InnoDB Cluster relies on Group Replication, so this applies equally to instances used in a cluster. To view ports currently used by MySQL, issue:
semanage port -l | grep mysqld
Assuming the Group Replication communication port is 33061, set the port context by issuing:
semanage port -a -t mysqld_port_t -p tcp 33061
If SELinux is enabled, you must set the port context for the communication port used by X Plugin, which is defined by the mysqlx_port variable. mysqld must be able to bind to the X Plugin communication port and listen there.
Assuming the X Plugin communication port is 33060, set the port context by issuing:
semanage port -a -t mysqld_port_t -p tcp 33060
If SELinux is enabled, you must set the port context for the communication ports used by MySQL Router. Assuming the additional communication ports used by MySQL Router are the default 6446, 6447, 64460 and 64470, on each instance set the port context by issuing:
semanage port -a -t mysqld_port_t -p tcp 6446
semanage port -a -t mysqld_port_t -p tcp 6447
semanage port -a -t mysqld_port_t -p tcp 64460
semanage port -a -t mysqld_port_t -p tcp 64470
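The following script is an added example, not part of the MySQL documentation. It parses `semanage port -l` output and prints the `semanage port -a` command only for ports that do not yet carry the mysqld_port_t TCP context. The function name missing_mysqld_ports and the sample listing are assumptions constructed for illustration.

```sh
#!/bin/sh
# Added example: find which feature ports still lack the mysqld_port_t context.

# Constructed sample of `semanage port -l | grep mysqld` output (not from a real host).
SAMPLE_LISTING='mysqld_port_t                  tcp      1186, 3306, 33060, 63132-63164
mysqlmaxd_port_t               tcp      1186'

# missing_mysqld_ports PORT...   (hypothetical helper)
# Reads `semanage port -l` output on stdin and prints, space-separated, each
# requested port not covered by a mysqld_port_t tcp entry (single port or range).
missing_mysqld_ports() {
    awk -v want="$*" '
        $1 == "mysqld_port_t" && $2 == "tcp" {
            for (i = 3; i <= NF; i++) {
                entry = $i
                sub(/,$/, "", entry)              # drop the list separator
                n = split(entry, r, "-")          # "63132-63164" is a range
                lo[++cnt] = r[1] + 0
                hi[cnt] = (n == 2 ? r[2] : r[1]) + 0
            }
        }
        END {
            m = split(want, ports, " ")
            out = ""
            for (p = 1; p <= m; p++) {
                covered = 0
                for (k = 1; k <= cnt; k++)
                    if (ports[p] + 0 >= lo[k] && ports[p] + 0 <= hi[k]) covered = 1
                if (!covered) out = out (out == "" ? "" : " ") ports[p]
            }
            print out
        }'
}

# Ports named on this page: Group Replication 33061, X Plugin 33060,
# MySQL Router defaults 6446, 6447, 64460 and 64470.
PAGE_PORTS="33061 33060 6446 6447 64460 64470"

# Demo on the constructed sample. On a live host, feed the real policy instead:
#   semanage port -l | missing_mysqld_ports $PAGE_PORTS
for port in $(printf '%s\n' "$SAMPLE_LISTING" | missing_mysqld_ports $PAGE_PORTS); do
    echo "semanage port -a -t mysqld_port_t -p tcp $port"
done
```

If a port is already defined under a different SELinux type, `semanage port -a` reports it as already defined; `semanage port -m` modifies the existing record instead.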