Hi, Guido Günther: > it would be great if the package would ship upstream's profile (even if > only in complain mode like upstream does). This would help to iron out > the issues in the profile.
I notice that mariadb-server-10.1 ships /usr/share/mysql/policy/apparmor/usr.sbin.mysqld (that comes from Ubuntu). Is upstream's profile something else? Note that Ubuntu's profiles are sometimes better suited for usage on Debian than upstream's, especially when upstream uses a different distro as their primary development platform. Now, of course ideally distros would contribute to the upstream profile instead of maintaining their own, as it's started to happen for libvirt :) > The current file file that starts like: > […] > is a bit discouraging. Indeed. FTR Ubuntu has been shipping enforced by default AppArmor policy for MySQL since 2008, so I would expect it to be super robust and I *guess* that it should work almost as-is for MariaDB. Any pointer to the "several problems for users" that have been caused by AppArmor? Cheers, -- intrigeri

