[Bug 1095370] Re: apparmor prevents non-default mysql data directories
[Expired for mysql-5.5 (Ubuntu) because there has been no activity for 60 days.] ** Changed in: mysql-5.5 (Ubuntu) Status: Incomplete => Expired -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1095370 Title: apparmor prevents non-default mysql data directories To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/mysql-5.5/+bug/1095370/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1095370] Re: apparmor prevents non-default mysql data directories
> However it would seem better for the application code to automatically update the /etc/apparmor.d/local/usr.sbin.mysqld file as it learns of paths. I doubt that applications are meant to change that file, though I know nothing about apparmor. If Glom did that, it would need to ask for sudo access to do that, making the application useless for ordinary users. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1095370 Title: apparmor prevents non-default mysql data directories To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/mysql-5.5/+bug/1095370/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1095370] Re: apparmor prevents non-default mysql data directories
You can also work around this by setting the mysql profile into complain
mode. Edit /etc/apparmor.d/usr.sbin.mysqld and change the line
/usr/sbin/mysqld {
to
/usr/sbin/mysqld flags=(complain) {
then reload the profile with
sudo apparmor_parser -r /etc/apparmor.d/usr.sbin.mysqld
after this I no longer get the 'Can't create test file' warnings.
However it would seem better for the application code to automatically
update the /etc/apparmor.d/local/usr.sbin.mysqld file as it learns of
paths. This would be similar to how libvirt uses virt-aa-helper to
update policies for qemu VMs to allow access to the block devices (etc)
listed in the VM specification.
Is there a better way you can think of to accomodate this use case
(without giving up the protection against mysql using arbitrary paths)?
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1095370
Title:
apparmor prevents non-default mysql data directories
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/mysql-5.5/+bug/1095370/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1095370] Re: apparmor prevents non-default mysql data directories
Marking incomplete in case there is another way we can improve this situation. If there is not, then the bug should probably be marked wontfix. ** Changed in: mysql-5.5 (Ubuntu) Importance: Undecided => Medium ** Changed in: mysql-5.5 (Ubuntu) Status: New => Incomplete -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1095370 Title: apparmor prevents non-default mysql data directories To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/mysql-5.5/+bug/1095370/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
