Bug #98340 Can't create /var/log/mysqld_slow.log file
Submitted: 23 Jan 2020 21:52 Modified: 26 Jan 2020 1:01
Reporter: Mathias Kuhns Email Updates:
Status: Not a Bug Impact on me:
None 
Category:MySQL Server Severity:S3 (Non-critical)
Version:8.0.18 OS:Red Hat
Assigned to: CPU Architecture:x86
Tags: selinux

[23 Jan 2020 21:52] Mathias Kuhns 
Description:
SELinux is turned on (see below). Then you activate slow query logging for the first time and get the following error starting mysqld:

[System] [MY-010116] [Server] /usr/sbin/mysqld (mysqld 8.0.18-commercial) starting as process 5188
mysqld: File '/var/log/mysqld_slow.log' not found (OS errno 13 - Permission denied)
[ERROR] [MY-011263] [Server] Could not use /var/log/mysqld_slow.log for logging (error 13 - Permission denied). Turning logging off for the server process. To turn it on again: fix the cause, then either restart the query logging by using "SET GLOBAL SLOW_QUERY_LOG=ON" or restart the MySQL server.

# journalctl
…
SELinux is preventing /usr/sbin/mysqld from open access on the file /var/log/mysqld_slow.log.
/var/log/mysqld_slow.log default label should be mysqld_log_t.

How to repeat:
# /etc/selinux/config
SELINUX=enforcing
SELINUXTYPE=targeted

# /etc/my.cnf
…
slow_query_log=ON
slow_query_log_file=/var/log/mysqld_slow.log
…

# service mysqld start

Suggested fix:
Workaround:

Prior to starting mysqld type the following commands:

# touch /var/log/mysqld_slow.log
# chown mysql:mysql /var/log/mysqld_slow.log
# chmod 640 /var/log/mysqld_slow.log
# chcon -t mysqld_log_t /var/log/mysqld_slow.log
[24 Jan 2020 9:20] Terje Røsten 
Hi!

Thanks for your report!

I don't think this is a MySQL problem as such.

Directory /var/log is owned by root, to create new files here as non-root,
root user must first create file and set and owner to wanted user.

When SELinux is in use, you also have to set correct SELinux context on the file, like you just did.

MySQL server itself can neither create file or change SELinux context, this
is by design.
[24 Jan 2020 16:44] MySQL Verification Team 
Not a bug, see prior comment from developer. Thanks.
[25 Jan 2020 4:00] Mathias Kuhns 
If you delete the error log /var/log/mysqld.log and then start MySQL, mysqld can create /var/log/mysqld.log successfully with a fcontext of mysqld_log_t!
[28 Jan 2020 12:33] Terje Røsten 
Hi!

/var/log/mysqld.log is part of default RPM package and required
for MySQL server to work.

mysqld_slow.log is an optional feature (one of many).

Current SELinux policy already covers /var/log/mysqld_slow.log location:

https://github.com/fedora-selinux/selinux-policy-contrib/blob/b35f071eace9e06117f78cdda3dd...

It's not clear to me what should be done. 
Creating /var/log/mysqld_slow.log for all users is not an option.