Hi!,

In branch 
https://salsa.debian.org/otto/mariadb-server/-/commits/feature/autopkgtest-apparmor
I modified the autopkgtest to run the full test suite, and at the end
of it print out all AppArmor messages. After uploading that to a PPA
and triggering autopkgtest on Ubuntu/Launchpad I got
https://autopkgtest.ubuntu.com/results/autopkgtest-resolute-mysql-ubuntu-mariadb/resolute/amd64/m/mariadb/20260312_062925_75a14@/log.gz

We can see that this is the state of AppArmor on those
Ubuntu/Launchpad autopkgtest runners and these are the warnings that
get issued by merely having the profile in 'complain' mode and
starting MariaDB:

4394s === AppArmor profile status ===
4394s    who
4394s    znc
4394s 3 profiles are in complain mode.
4394s    Xorg
4394s    Xorg_wrap
4394s    mariadbd
4394s 0 profiles are in prompt mode.
4394s 0 profiles are in kill mode.
4394s 74 profiles are in unconfined mode.
4394s    1password
4394s    Discord
4394s --
4394s 3 processes are in enforce mode.
4394s    /usr/sbin/chronyd (882)
4394s    /usr/sbin/chronyd (889)
4394s    /usr/sbin/rsyslogd (885) rsyslogd
4394s 1 processes are in complain mode.
4394s    /usr/sbin/mariadbd (2271) mariadbd
4394s 0 processes are in prompt mode.
4394s 0 processes are in kill mode.
4394s 0 processes are unconfined but have a profile defined.
4394s 0 processes are in mixed mode.
4394s === AppArmor denials ===
4394s [   48.367999] audit: type=1400 audit(1773292648.734:178):
apparmor="STATUS" operation="profile_load" profile="unconfined"
name="mariadbd" pid=1699 comm="apparmor_parser"
4394s [   48.406349] audit: type=1400 audit(1773292648.773:179):
apparmor="STATUS" operation="profile_replace" info="same as current
profile, skipping" profile="unconfined" name="mariadbd" pid=1705
comm="apparmor_parser"
4394s [   48.970980] audit: type=1400 audit(1773292649.337:180):
apparmor="ALLOWED" operation="open" class="file" profile="mariadbd"
name="/sys/block/" pid=1850 comm="mariadbd" requested_mask="r"
denied_mask="r" fsuid=985 ouid=0
4394s [   48.970997] audit: type=1400 audit(1773292649.337:181):
apparmor="ALLOWED" operation="file_perm" class="file"
profile="mariadbd" name="/sys/block/" pid=1850 comm="mariadbd"
requested_mask="r" denied_mask="r" fsuid=985 ouid=0
4394s [   48.971025] audit: type=1400 audit(1773292649.337:182):
apparmor="ALLOWED" operation="open" class="file" profile="mariadbd"
name="/sys/devices/virtual/block/loop1/dev" pid=1850 comm="mariadbd"
requested_mask="r" denied_mask="r" fsuid=985 ouid=0
4394s [   48.971031] audit: type=1400 audit(1773292649.337:183):
apparmor="ALLOWED" operation="file_perm" class="file"
profile="mariadbd" name="/sys/devices/virtual/block/loop1/dev"
pid=1850 comm="mariadbd" requested_mask="r" denied_mask="r" fsuid=985
ouid=0
4394s [   48.971047] audit: type=1400 audit(1773292649.337:184):
apparmor="ALLOWED" operation="open" class="file" profile="mariadbd"
name="/sys/devices/virtual/block/loop6/dev" pid=1850 comm="mariadbd"
requested_mask="r" denied_mask="r" fsuid=985 ouid=0
4394s [   48.971051] audit: type=1400 audit(1773292649.337:185):
apparmor="ALLOWED" operation="file_perm" class="file"
profile="mariadbd" name="/sys/devices/virtual/block/loop6/dev"
pid=1850 comm="mariadbd" requested_mask="r" denied_mask="r" fsuid=985
ouid=0
4394s [   48.971066] audit: type=1400 audit(1773292649.337:186):
apparmor="ALLOWED" operation="open" class="file" profile="mariadbd"
name="/sys/devices/virtual/block/loop4/dev" pid=1850 comm="mariadbd"
requested_mask="r" denied_mask="r" fsuid=985 ouid=0
4394s [   48.971071] audit: type=1400 audit(1773292649.337:187):
apparmor="ALLOWED" operation="file_perm" class="file"
profile="mariadbd" name="/sys/devices/virtual/block/loop4/dev"
pid=1850 comm="mariadbd" requested_mask="r" denied_mask="r" fsuid=985
ouid=0
4394s [  450.351785] audit: type=1400 audit(1773293050.718:199):
apparmor="ALLOWED" operation="open" class="file" profile="mariadbd"
name="/proc/2271/task/2274/comm" pid=2271 comm="mariadbd"
requested_mask="wr" denied_mask="wr" fsuid=985 ouid=985
4394s [  450.351797] audit: type=1400 audit(1773293050.718:200):
apparmor="ALLOWED" operation="file_perm" class="file"
profile="mariadbd" name="/proc/2271/task/2274/comm" pid=2271
comm="mariadbd" requested_mask="w" denied_mask="w" fsuid=985 ouid=985
4394s [  450.351842] audit: type=1400 audit(1773293050.718:201):
apparmor="ALLOWED" operation="open" class="file" profile="mariadbd"
name="/proc/2271/task/2275/comm" pid=2271 comm="mariadbd"
requested_mask="wr" denied_mask="wr" fsuid=985 ouid=985
4394s [  450.351849] audit: type=1400 audit(1773293050.718:202):
apparmor="ALLOWED" operation="file_perm" class="file"
profile="mariadbd" name="/proc/2271/task/2275/comm" pid=2271
comm="mariadbd" requested_mask="w" denied_mask="w" fsuid=985 ouid=985
4394s [  450.351916] audit: type=1400 audit(1773293050.718:203):
apparmor="ALLOWED" operation="open" class="file" profile="mariadbd"
name="/proc/sys/kernel/random/uuid" pid=2271 comm="mariadbd"
requested_mask="r" denied_mask="r" fsuid=985 ouid=0
4394s [  450.351931] audit: type=1400 audit(1773293050.718:204):
apparmor="ALLOWED" operation="file_perm" class="file"
profile="mariadbd" name="/proc/sys/kernel/random/uuid" pid=2271
comm="mariadbd" requested_mask="r" denied_mask="r" fsuid=985 ouid=0
4394s [  450.352117] audit: type=1400 audit(1773293050.718:205):
apparmor="ALLOWED" operation="open" class="file" profile="mariadbd"
name="/proc/sys/kernel/random/uuid" pid=2271 comm="mariadbd"
requested_mask="r" denied_mask="r" fsuid=985 ouid=0
4394s [  450.352128] audit: type=1400 audit(1773293050.718:206):
apparmor="ALLOWED" operation="file_perm" class="file"
profile="mariadbd" name="/proc/sys/kernel/random/uuid" pid=2271
comm="mariadbd" requested_mask="r" denied_mask="r" fsuid=985 ouid=0
4394s [  450.373320] audit: type=1400 audit(1773293050.740:207):
apparmor="ALLOWED" operation="open" class="file" profile="mariadbd"
name="/sys/block/" pid=2271 comm="mariadbd" requested_mask="r"
denied_mask="r" fsuid=985 ouid=0
4394s [  450.373334] audit: type=1400 audit(1773293050.740:208):
apparmor="ALLOWED" operation="file_perm" class="file"
profile="mariadbd" name="/sys/block/" pid=2271 comm="mariadbd"
requested_mask="r" denied_mask="r" fsuid=985 ouid=0

Surprisingly the whole --big-test run passes with zero failures:

8277s Completed: All 5576 tests were successful.
8277s
8277s 1103 tests were skipped, 325 by the test itself.

Of the complaints printed at the end of the log I did a sorted summary
with 'cut -d ' ' -f 11- apparmor-complaints-2026-03-12.txt | sort' and
attached it here in case the link to the full log expires / gets purged.

I am currently testing AppArmor profile extensions on the same branch
linked above, and also looking at whether I can get the test suite to
run more than just 5576 tests to get absolutely maximum coverage.

Attachment: apparmor-complaints-2026-03-12_column_11_onwards_sorted.txt.xz
Description: application/xz
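
The summary step described above, as an added example that is not part of the original message or of the MariaDB packaging: it re-joins the wrapped audit records, drops STATUS records, and collapses the ALLOWED/DENIED file events of one profile into de-duplicated candidate rule lines. The function names and the choice to generalise per-process /proc paths with a `[0-9]*` glob are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Sample records copied from the log above, still in e-mail-wrapped form.
SAMPLE = '''\
4394s [   48.970980] audit: type=1400 audit(1773292649.337:180):
apparmor="ALLOWED" operation="open" class="file" profile="mariadbd"
name="/sys/block/" pid=1850 comm="mariadbd" requested_mask="r"
denied_mask="r" fsuid=985 ouid=0
4394s [  450.351785] audit: type=1400 audit(1773293050.718:199):
apparmor="ALLOWED" operation="open" class="file" profile="mariadbd"
name="/proc/2271/task/2274/comm" pid=2271 comm="mariadbd"
requested_mask="wr" denied_mask="wr" fsuid=985 ouid=985
4394s [  450.351849] audit: type=1400 audit(1773293050.718:202):
apparmor="ALLOWED" operation="file_perm" class="file"
profile="mariadbd" name="/proc/2271/task/2275/comm" pid=2271
comm="mariadbd" requested_mask="w" denied_mask="w" fsuid=985 ouid=985
4394s [   48.367999] audit: type=1400 audit(1773292648.734:178):
apparmor="STATUS" operation="profile_load" profile="unconfined"
name="mariadbd" pid=1699 comm="apparmor_parser"
'''

START = re.compile(r"^(?:\d+s )?\[\s*\d+\.\d+\] audit:")  # optional "4394s " prefix
FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')          # key="value" or key=value

def records(text):
    """Re-join wrapped lines into one string per audit record."""
    buf = []
    for line in text.splitlines():
        if buf and (START.match(line) or not line.strip()):
            yield " ".join(buf)
            buf = []
        if START.match(line) or (buf and line.strip()):
            buf.append(line.strip())
    if buf:
        yield " ".join(buf)

def candidate_rules(text, profile="mariadbd"):
    masks = defaultdict(set)
    for rec in records(text):
        f = {k: quoted or bare for k, quoted, bare in FIELD.findall(rec)}
        if (f.get("apparmor") not in ("ALLOWED", "DENIED")
                or f.get("profile") != profile or "requested_mask" not in f):
            continue  # skips STATUS records and non-file events
        # Assumption: per-process /proc paths are generalised with a glob.
        path = re.sub(r"^/proc/\d+/", "/proc/[0-9]*/", f["name"])
        path = re.sub(r"/task/\d+/", "/task/[0-9]*/", path)
        # Audit masks use c (create) and d (delete); both fall under w in a rule.
        masks[path].update("w" if m in "cd" else m for m in f["requested_mask"])
    return [f"{p} {''.join(m for m in 'rwaklmx' if m in s)}," for p, s in sorted(masks.items())]
```

The returned lines are review material for the profile, not rules to paste in unchecked: each path and mask still needs a decision on whether mariadbd should have that access.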
