6.5.5.2 Setting the TCP Port Context for MySQL Features
If you enable certain MySQL features, you may need to set the SELinux TCP port context for additional ports used by those features. If ports used by MySQL features do not have the correct SELinux context, the features may not function correctly.
The following sections describe how to set port contexts for MySQL Group Replication and InnoDB Cluster. Generally, the same method can be used to set the port context for other MySQL features. For information about ports used by MySQL features, refer to the MySQL Port Reference.
If SELinux is enabled, you must set the port context for the Group Replication communication port, which is defined by the group_replication_local_address variable. mysqld must be able to bind to the Group Replication communication port and listen there. To view ports currently used by MySQL, issue:
semanage port -l | grep mysqld
Assuming the Group Replication communication port is 33061, set the port context by issuing:
semanage port -a -t mysqld_port_t -p tcp 33061
From MySQL 8.0.14 to MySQL 8.0.17, the mysql_connect_any SELinux boolean must be set to ON to permit communication between the Group Communication System (GCS) component of Group Replication and the local group communication engine (XCom) instance. As of MySQL 8.0.18, enabling mysql_connect_any is not required or recommended.
setsebool -P mysql_connect_any=ON
If SELinux is enabled, you must set the port context for the communication ports used by InnoDB Cluster. To view ports currently used by MySQL, issue:
semanage port -l | grep mysqld
Assuming the additional communication ports used by InnoDB Cluster are 33060 and 33061, set the port context by issuing:
semanage port -a -t mysqld_port_t -p tcp 33060
semanage port -a -t mysqld_port_t -p tcp 33061
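The Group Replication and InnoDB Cluster procedures above both list the current contexts and then add a port. The following added example (not part of the MySQL manual) combines the two steps so that `semanage port -a` is only proposed for a port that does not already carry mysqld_port_t. The function names port_types and plan_port_context are hypothetical, and SAMPLE_LISTING is constructed output in the layout of `semanage port -l`.

```shell
#!/bin/sh
# Constructed sample in the layout printed by `semanage port -l`.
SAMPLE_LISTING='SELinux Port Type              Proto    Port Number

dns_port_t                     udp      53, 853
ephemeral_port_t               tcp      32768-60999
http_port_t                    tcp      80, 81, 443, 8443
mysqld_port_t                  tcp      1186, 3306, 63132-63164'

# port_types PROTO PORT: read a `semanage port -l` listing on stdin and
# print every SELinux type whose port list or range covers PROTO/PORT.
port_types() {
    awk -v proto="$1" -v port="$2" '
        $2 == proto {
            for (i = 3; i <= NF; i++) {
                spec = $i
                sub(/,$/, "", spec)          # drop the list separator
                n = split(spec, r, "-")      # "lo-hi" range or single port
                lo = r[1] + 0
                hi = (n == 2 ? r[2] : r[1]) + 0
                if (port + 0 >= lo && port + 0 <= hi) { print $1; break }
            }
        }'
}

# plan_port_context PORT: read a listing on stdin. Report the port as done
# when it already has mysqld_port_t, otherwise print the command from the
# procedure above. A broad range such as ephemeral_port_t does not count
# as an existing mysqld label, so the port is still proposed for adding.
plan_port_context() {
    if port_types tcp "$1" | grep -qx 'mysqld_port_t'; then
        echo "ok: tcp/$1 already has mysqld_port_t"
    else
        echo "semanage port -a -t mysqld_port_t -p tcp $1"
    fi
}

# Demo against the constructed sample; on a real host, pipe the live
# listing instead:  semanage port -l | plan_port_context 33061
for p in 3306 33060 33061 63140; do
    printf '%s\n' "$SAMPLE_LISTING" | plan_port_context "$p"
done
```

The script only prints the command; review it and run it as root, then confirm the result with `semanage port -l | grep mysqld`.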