Bug#875890: Please consider shipping /etc/apparmor.d/usr.sbin.mysqld from upstream
Hello! Yes I read https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=875890#30 but picking a solution, testing it, ensuring there are no regressions etc is not always straightforward, in particular if the domain and problem itself is not previously very familiar. Maybe this would be a good opportunity for you to contribute and submit your suggestion for a fix as a Merge Request at https://salsa.debian.org/mariadb-team/mariadb-10.5? Thanks!
Bug#875890: Please consider shipping /etc/apparmor.d/usr.sbin.mysqld from upstream
Hi there, If you look at message #30 attached to bug #875890 you'll see I have already documented exactly what the problem is, plus suggested a couple of solutions. Cheers, John Winters On 09/05/2021 01:02, Otto Kekäläinen wrote: Hello! Apparmor for MariaDB has not seen much progress lately. I would be happy to get contributions on this topic. If you want to help improve MariaDB in Debian in the open source way, you could for example: - submit your suggestion for a fix as a Merge Request at https://salsa.debian.org/mariadb-team/mariadb-10.5 - help with documentation/testing to improve our understanding on what exactly the bug is about - triage the other bugs filed against MariaDB in Debian so there is time freed up to work on this bug Thanks! -- Xronos Scheduler - https://xronos.uk/ All your school's schedule information in one place. Timetable, activities, homework, public events - the lot Live demo at https://schedulerdemo.xronos.uk/
Bug#875890: Please consider shipping /etc/apparmor.d/usr.sbin.mysqld from upstream
Hello! Apparmor for MariaDB has not seen much progress lately. I would be happy to get contributions on this topic. If you want to help improve MariaDB in Debian in the open source way, you could for example: - submit your suggestion for a fix as a Merge Request at https://salsa.debian.org/mariadb-team/mariadb-10.5 - help with documentation/testing to improve our understanding on what exactly the bug is about - triage the other bugs filed against MariaDB in Debian so there is time freed up to work on this bug Thanks!
Bug#875890: [debian-mysql] Bug#875890: Please consider shipping /etc/apparmor.d/usr.sbin.mysqld from upstream
Hi Otto, On Sat, Dec 29, 2018 at 05:34:34PM +0200, Otto Kekäläinen wrote: > Hello! > > pe 15. syysk. 2017 klo 19.18 Guido Günther (a...@sigxcpu.org) kirjoitti: > > Hi, > > it would be great if the package would ship upstream's profile (even if > > only in complain mode like upstream does). This would help to iron out > > the issues in the profile. > > The problem is that we don't have any AppArmor expert on the team who > would be able to monitor/fix issues related to AppArmor. The > developers have been burnt by AppArmor issues in the past. > > If you sign up to maintain it, I could consider including it. I might have done that in 2017 keeping my setup around that I had back the but the world turned further and this is long gone. I might pick that up once I do some kopano apparmor things again. Cheers, -- Guido > > The first thing you could do is to test with latest mariadb-10.3 if > the upstream profile today works at all to begin with. > > If you get progress, please consider submitting contributions is as > merge requests on Debian's Salsa system: > https://wiki.debian.org/Teams/MySQL/patches
Bug#875890: [debian-mysql] Bug#875890: Please consider shipping /etc/apparmor.d/usr.sbin.mysqld from upstream
Hello! pe 15. syysk. 2017 klo 19.18 Guido Günther (a...@sigxcpu.org) kirjoitti: > Hi, > it would be great if the package would ship upstream's profile (even if > only in complain mode like upstream does). This would help to iron out > the issues in the profile. The problem is that we don't have any AppArmor expert on the team who would be able to monitor/fix issues related to AppArmor. The developers have been burnt by AppArmor issues in the past. If you sign up to maintain it, I could consider including it. The first thing you could do is to test with latest mariadb-10.3 if the upstream profile today works at all to begin with. If you get progress, please consider submitting contributions is as merge requests on Debian's Salsa system: https://wiki.debian.org/Teams/MySQL/patches
Bug#875890: Please consider shipping /etc/apparmor.d/usr.sbin.mysqld from upstream
Hi, Guido Günther: > it would be great if the package would ship upstream's profile (even if > only in complain mode like upstream does). This would help to iron out > the issues in the profile. I notice that mariadb-server-10.1 ships /usr/share/mysql/policy/apparmor/usr.sbin.mysqld (that comes from Ubuntu). Is upstream's profile something else? Note that Ubuntu's profiles are sometimes better suited for usage on Debian than upstream's, especially when upstream uses a different distro as their primary development platform. Now, of course ideally distros would contribute to the upstream profile instead of maintaining their own, as it's started to happen for libvirt :) > The current file file that starts like: > […] > is a bit discouraging. Indeed. FTR Ubuntu has been shipping enforced by default AppArmor policy for MySQL since 2008, so I would expect it to be super robust and I *guess* that it should work almost as-is for MariaDB. Any pointer to the "several problems for users" that have been caused by AppArmor? Cheers, -- intrigeri
Bug#875890: Please consider shipping /etc/apparmor.d/usr.sbin.mysqld from upstream
Package: mariadb-server Version: 10.1.26-1 Severity: wishlist Hi, it would be great if the package would ship upstream's profile (even if only in complain mode like upstream does). This would help to iron out the issues in the profile. The current file file that starts like: # This file is intensionally empty to disable apparmor by default for newer # versions of MariaDB, while providing seamless upgrade from older versions # and from mysql, where apparmor is used. # By default, we do not want to have any apparmor profile for the MariaDB # server. It does not provide much useful functionality/security, and causes # several problems for users who often are not even aware that apparmor # exists and runs on their system. is a bit discouraging. Cheers, -- Guido -- System Information: Debian Release: buster/sid APT prefers testing APT policy: (990, 'testing'), (500, 'unstable-debug'), (500, 'testing-debug'), (500, 'stable-updates'), (500, 'oldoldstable'), (500, 'unstable'), (500, 'stable'), (1, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 4.12.0-1-amd64 (SMP w/4 CPU cores) Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE=en_US:en (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages mariadb-server depends on: pn mariadb-server-10.1 pn mariadb-server-10.3 mariadb-server recommends no packages. mariadb-server suggests no packages.