I am trying to enable SSL for MySQL in my LAMP server container.

I followed:

https://mifosforge.jira.com/wiki/display/MIFOS/How+to+enable+MySQL+SSL+on+Ubuntu

Went through all the key steps.

But still no SSL...

mysql> show variables like "%ssl%";
+---------------+----------------------------+
| Variable_name | Value                      |
+---------------+----------------------------+
| have_openssl  | DISABLED                   |
| have_ssl      | DISABLED                   |
| ssl_ca        | /etc/mysql/ca-cert.pem     |
| ssl_capath    |                            |
| ssl_cert      | /etc/mysql/server-cert.pem |
| ssl_cipher    |                            |
| ssl_key       | /etc/mysql/server-key.pem  |
+---------------+----------------------------+
7 rows in set (0.08 sec)

mysql> 

So I look around and found 

http://ubuntuforums.org/showthread.php?t=1121458

which looks like the solution that apparmor is blocking this

So I edit

/etc/apparmor.d/usr.sbin.mysqld

ubuntu@LAMPServer:~$ more /etc/apparmor.d/usr.sbin.mysqld
# vim:syntax=apparmor
# Last Modified: Tue Jun 19 17:37:30 2007
#include <tunables/global>

/usr/sbin/mysqld {
  #include <abstractions/base>
  #include <abstractions/nameservice>
  #include <abstractions/user-tmp>
  #include <abstractions/mysql>
  #include <abstractions/winbind>

  capability dac_override,
  capability sys_resource,
  capability setgid,
  capability setuid,

  network tcp,

  /etc/hosts.allow r,
  /etc/hosts.deny r,

  /etc/mysql/*.pem r,
  /etc/mysql/*.crt r,
  /etc/mysql/*.key r,
  /etc/mysql/conf.d/ r,
  /etc/mysql/conf.d/* r,
  /etc/mysql/*.cnf r,
  /usr/lib/mysql/plugin/ r,
  /usr/lib/mysql/plugin/*.so* mr,
  /usr/sbin/mysqld mr,
  /usr/share/mysql/** r,
  /var/log/mysql.log rw,
  /var/log/mysql.err rw,
  /var/lib/mysql/ r,
  /var/lib/mysql/** rwk,
  /var/log/mysql/ r,
  /var/log/mysql/* rw,
  /var/run/mysqld/mysqld.pid w,
  /var/run/mysqld/mysqld.sock w,
  /run/mysqld/mysqld.pid w,
  /run/mysqld/mysqld.sock w,

  /sys/devices/system/cpu/ r,

  # Site-specific additions and overrides. See local/README for details.
  #include <local/usr.sbin.mysqld>
}
ubuntu@LAMPServer:~$

Still disabled.... 

Ok reload the profiles...

Ok... none of the commands I have for that seem to work... 


ubuntu@LAMPServer:~$ sudo service apparmor restart
[sudo] password for ubuntu: 
apparmor: unrecognized service
ubuntu@LAMPServer:~$ sudo apparmor_status
sudo: apparmor_status: command not found
ubuntu@LAMPServer:~$ sudo apparmor_status
sudo: apparmor_status: command not found
ubuntu@LAMPServer:~$ sudo invoke-rc.d apparmor reload
invoke-rc.d: unknown initscript, /etc/init.d/apparmor not found.
ubuntu@LAMPServer:~$ sudo apparmor_parser -r /etc/apparmor.d/usr.sbin.mysqld
sudo: apparmor_parser: command not found
ubuntu@LAMPServer:~$ 

Short of shutting the container down and restarting, which doesn't seem very 
"Linux-y" ? ? ? 

Clues hints, clubs, tar, pitchfork... ? ? ? 

Thanks!


------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and 
threat landscape has changed and how IT managers can respond. Discussions 
will include endpoint security, mobile security and the latest in malware 
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
Lxc-users mailing list
Lxc-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/lxc-users

Reply via email to