6.5.5.2 Setting the TCP Port Context for MySQL Features

If you enable certain MySQL features, you may need to set the SELinux TCP port context for additional ports used by those features. If ports used by MySQL features do not have the correct SELinux context, the features may not function correctly.

The following sections describe how to set port contexts for MySQL Group Replication and InnoDB Cluster. Generally, the same method can be used to set the port context for other MySQL features. For information about ports used by MySQL features, refer to the MySQL Port Reference.

Setting the TCP Port Context for Group Replication

If SELinux is enabled, you must set the port context for the Group Replication communication port, which is defined by the group_replication_local_address variable. mysqld must be able to bind to the Group Replication communication port and listen there. To view ports currently used by MySQL, issue:

semanage port -l | grep mysqld

Assuming the Group Replication communication port is 33061, set the port context by issuing:

semanage port -a -t mysqld_port_t -p tcp 33061

From MySQL 8.0.14 to MySQL 8.0.17, the mysql_connect_any SELinux boolean must be set to ON to permit communication between the Group Communication System (GCS) component of Group Replication and the local group communication engine (XCom) instance. As of MySQL 8.0.18, enabling mysql_connect_any is not required or recommended.

setsebool -P mysql_connect_any=ON

Setting the TCP Port Context for InnoDB Cluster

If SELinux is enabled, you must set the port context for the communication ports used by InnoDB Cluster. To view ports currently used by MySQL, issue:

semanage port -l | grep mysqld

Assuming the additional communication ports used by InnoDB Cluster are 33060 and 33061, set the port context by issuing:

semanage port -a -t mysqld_port_t -p tcp 33060
semanage port -a -t mysqld_port_t -p tcp 33061
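
The following is an added example, not part of the MySQL manual. It goes slightly beyond the commands above: it reads `semanage port -l` output and prints the command a port still needs, covering the case where `semanage port -a` is rejected because the port already has its own record under another type (`-m` is used instead). The function name plan_port_context, the sample listing, and the precedence rule noted in the comments are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: decide which semanage command (if any) a TCP port needs.
# It only prints a plan; nothing here changes the system.

# Constructed sample of `semanage port -l` output (not from a real host).
SAMPLE_LISTING='SELinux Port Type              Proto    Port Number
ephemeral_port_t               tcp      32768-60999
http_cache_port_t              tcp      8080, 8118, 8123, 10001-10010
mysqld_port_t                  tcp      1186, 3306, 63132-63164
unreserved_port_t              tcp      1024-32767, 61000-65535'

# plan_port_context PORT [TYPE]   (hypothetical helper)
# Reads a port listing on stdin. Prints "ok" if tcp/PORT already has
# context TYPE (default mysqld_port_t), otherwise the command to run.
plan_port_context() {
    awk -v port="$1" -v want="${2:-mysqld_port_t}" '
        $2 == "tcp" {
            # Fields 3..NF are "n," or "lo-hi," entries.
            for (i = 3; i <= NF; i++) {
                entry = $i; sub(/,$/, "", entry)
                n = split(entry, r, "-")
                lo = r[1] + 0; hi = (n == 2 ? r[2] : r[1]) + 0
                if (port + 0 < lo || port + 0 > hi) continue
                if ($1 == want && lo == hi) exact_want = 1
                else if ($1 == want)        range_want = 1
                else if (lo == hi)          exact_other = $1
                # A broad range of another type (e.g. ephemeral_port_t)
                # does not block -a, so it is ignored here.
            }
        }
        END {
            # Assumed precedence: a single-port record beats a range.
            if (exact_want)       print "ok"
            else if (exact_other) print "semanage port -m -t " want " -p tcp " port
            else if (range_want)  print "ok"
            else                  print "semanage port -a -t " want " -p tcp " port
        }'
}
```

On a host with SELinux enabled, pipe the live listing into the function, for example `semanage port -l | plan_port_context 33061`, and review the printed command before running it as root.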