This is due to the system having a previos AppArmor profile, that is
still enforced.

I don't know if it can be fixed. Maybe the preinstall script should
deactivate the profile?

AppArmor causes a lot of weird errors when it stops the mysqld from
working as expected, and the code inside mysqld does not know how to
fall back from a suddend denial of access. Therefore the profile we
ship has been empty for a few years already to make sure AppArmor
would not confine anything
(https://salsa.debian.org/mariadb-team/mariadb-10.1/blob/master/debian/apparmor-profile).

We need an AppArmor expert in the packaging team to write a good
profile and actively maintain it. Any attempt to do a 99% good profile
that fails 1% of the time would sum up to cause too much trouble.

Reply via email to