[Bug 1095370] Re: apparmor prevents non-default mysql data directories
[Expired for mysql-5.5 (Ubuntu) because there has been no activity for 60 days.] ** Changed in: mysql-5.5 (Ubuntu) Status: Incomplete => Expired -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1095370 Title: apparmor prevents non-default mysql data directories To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/mysql-5.5/+bug/1095370/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1095370] Re: apparmor prevents non-default mysql data directories
> However it would seem better for the application code to automatically update the /etc/apparmor.d/local/usr.sbin.mysqld file as it learns of paths. I doubt that applications are meant to change that file, though I know nothing about apparmor. If Glom did that, it would need to ask for sudo access to do that, making the application useless for ordinary users. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1095370 Title: apparmor prevents non-default mysql data directories To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/mysql-5.5/+bug/1095370/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1095370] Re: apparmor prevents non-default mysql data directories
You can also work around this by setting the mysql profile into complain mode. Edit /etc/apparmor.d/usr.sbin.mysqld and change the line /usr/sbin/mysqld { to /usr/sbin/mysqld flags=(complain) { then reload the profile with sudo apparmor_parser -r /etc/apparmor.d/usr.sbin.mysqld after this I no longer get the 'Can't create test file' warnings. However it would seem better for the application code to automatically update the /etc/apparmor.d/local/usr.sbin.mysqld file as it learns of paths. This would be similar to how libvirt uses virt-aa-helper to update policies for qemu VMs to allow access to the block devices (etc) listed in the VM specification. Is there a better way you can think of to accomodate this use case (without giving up the protection against mysql using arbitrary paths)? -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1095370 Title: apparmor prevents non-default mysql data directories To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/mysql-5.5/+bug/1095370/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1095370] Re: apparmor prevents non-default mysql data directories
Marking incomplete in case there is another way we can improve this situation. If there is not, then the bug should probably be marked wontfix. ** Changed in: mysql-5.5 (Ubuntu) Importance: Undecided => Medium ** Changed in: mysql-5.5 (Ubuntu) Status: New => Incomplete -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1095370 Title: apparmor prevents non-default mysql data directories To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/mysql-5.5/+bug/1095370/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs