Public bug reported:
I get the follow kernel message:
May 22 08:11:49 srv1 kernel: [29050.927299] audit: type=1400
audit(1590135109.257:99): apparmor="DENIED" operation="open"
profile="/usr/sbin/mysqld" name="/proc/sys/kernel/random/boot_id"
pid=9559 comm="mysqld" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
It could be easy to fix it:
--- /tmp/usr.sbin.mysqld 2020-05-22 08:21:49.698953104 +0000
+++ /etc/apparmor.d/usr.sbin.mysqld 2020-05-22 08:15:54.180942772 +0000
@@ -11,6 +11,7 @@
# Allow system resource access
/proc/*/status r,
+ /proc/sys/kernel/random/boot_id r,
/sys/devices/system/cpu/ r,
/sys/devices/system/node/ r,
/sys/devices/system/node/** r,
And replace the current profile with:
apparmor_parser -r /etc/apparmor.d/usr.sbin.mysqld
It would be nice, to include this fix to the current version.
ProblemType: Bug
DistroRelease: Ubuntu 20.04
Package: mysql-server 8.0.20-0ubuntu0.20.04.1
ProcVersionSignature: Ubuntu 5.4.0-31.35-generic 5.4.34
Uname: Linux 5.4.0-31-generic x86_64
ApportVersion: 2.20.11-0ubuntu27
Architecture: amd64
CasperMD5CheckResult: pass
Date: Fri May 22 08:18:37 2020
InstallationDate: Installed on 2020-05-01 (20 days ago)
InstallationMedia: Ubuntu-Server 20.04 LTS "Focal Fossa" - Release amd64
(20200423)
Logs.var.log.daemon.log:
MySQLConf.etc.mysql.conf.d.mysql.cnf: [mysql]
MySQLConf.etc.mysql.conf.d.mysqldump.cnf:
[mysqldump]
quick
quote-names
max_allowed_packet = 16M
MySQLVarLibDirListing: ['#ib_16384_0.dblwr', 'binlog.000007', 'client-key.pem',
'binlog.000001', 'test', 'undo_001', 'debian-5.7.flag', 'ca.pem',
'binlog.000010', 'performance_schema', 'public_key.pem', 'undo_002',
'debian-5.5.flag', 'server-cert.pem', 'binlog.000006', 'client-cert.pem',
'mysql_upgrade_info', 'mysql', '#ib_16384_1.dblwr', 'binlog.000011', 'ibtmp1',
'topackt', 'binlog.000003', 'binlog.000004', 'ib_buffer_pool', '#innodb_temp',
'auto.cnf', 'private_key.pem', 'ib_logfile0', 'ib_logfile1', 'binlog.index',
'binlog.000005', 'mysql.ibd', 'sys', 'ca-key.pem', 'phpmyadmin', 'ibdata1',
'binlog.000008', 'binlog.000009', 'binlog.000002', 'server-key.pem', 'proftpd',
'srv1.pid']
PackageArchitecture: all
ProcEnviron:
TERM=screen.xterm-256color
PATH=(custom, no user)
LANG=de_DE.UTF-8
SHELL=/bin/bash
SourcePackage: mysql-8.0
UpgradeStatus: No upgrade log present (probably fresh install)
modified.conffile..etc.apparmor.d.usr.sbin.mysqld: [modified]
modified.conffile..etc.mysql.mysql.conf.d.mysql.cnf: [modified]
modified.conffile..etc.mysql.mysql.conf.d.mysqld.cnf: [modified]
mtime.conffile..etc.apparmor.d.usr.sbin.mysqld: 2020-05-22T08:15:54.180943
mtime.conffile..etc.mysql.mysql.conf.d.mysql.cnf: 2020-05-22T08:11:39.057082
mtime.conffile..etc.mysql.mysql.conf.d.mysqld.cnf: 2020-05-22T08:10:42.401548
** Affects: mysql-8.0 (Ubuntu)
Importance: Undecided
Status: New
** Tags: amd64 apparmor apport-bug focal third-party-packages uec-images
** Summary changed:
- apparmor profile allow read on /proc/sys/kernel/random/boot_id
+ apparmor profile: allow read on /proc/sys/kernel/random/boot_id
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1880109
Title:
apparmor profile: allow read on /proc/sys/kernel/random/boot_id
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/mysql-8.0/+bug/1880109/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
