MDEV-10767 /tmp/wsrep_recovery.${RANDOM} file created in unallowed SELinux contextbb-mdev-10767

Problem:- To create file in /tmp dir mysqld require permission initrc_tmp_t.
And mysqld does not have his permission.

Solution:- Instead of giving mysqld permission of initrc_tmp_t , we redirected
log to file in /tmp dir through shell. I also removed a earlier workarround
in mysqld_safe.sh , which create tmp log file in datadir.

2 files changed, 4 insertions, 4 deletions

diff --git a/scripts/galera_recovery.sh b/scripts/galera_recovery.sh
index d734ceb7ac7..de2e653c497 100644
--- a/scripts/galera_recovery.sh
+++ b/scripts/galera_recovery.sh
@@ -69,7 +69,7 @@ parse_arguments() {
 wsrep_recover_position() {
   # Redirect server's error log to the log file.
   eval /usr/sbin/mysqld $cmdline_args --user=$user --wsrep_recover \
-    --log-error="$log_file"
+    --disable-log-error 2> "$log_file"
   ret=$?
   if [ $ret -ne 0 ]; then
     # Something went wrong, let us also print the error log so that it
diff --git a/scripts/mysqld_safe.sh b/scripts/mysqld_safe.sh
index e5708b51be5..5564f92a27c 100644
--- a/scripts/mysqld_safe.sh
+++ b/scripts/mysqld_safe.sh
@@ -246,7 +246,7 @@ wsrep_recover_position() {
   local euid=$(id -u)
   local ret=0
 
-  local wr_logfile=$(mktemp $DATADIR/wsrep_recovery.XXXXXX)
+  local wr_logfile=$(mktemp wsrep_recovery.XXXXXX)
 
   # safety checks
   if [ -z $wr_logfile ]; then
@@ -264,11 +264,11 @@ wsrep_recover_position() {
 
   local wr_pidfile="$DATADIR/"`@HOSTNAME@`"-recover.pid"
 
-  local wr_options="--log_error='$wr_logfile' --pid-file='$wr_pidfile'"
+  local wr_options="--disable-log-error  --pid-file='$wr_pidfile'"
 
   log_notice "WSREP: Running position recovery with $wr_options"
 
-  eval_log_error "$mysqld_cmd --wsrep_recover $wr_options"
+  eval_log_error "$mysqld_cmd --wsrep_recover $wr_options 2> $wr_logfile"
 
   local rp="$(grep 'WSREP: Recovered position:' $wr_logfile)"
   if [ -z "$rp" ]; then