Public bug reported: I get the follow kernel message:
May 22 08:11:49 srv1 kernel: [29050.927299] audit: type=1400 audit(1590135109.257:99): apparmor="DENIED" operation="open" profile="/usr/sbin/mysqld" name="/proc/sys/kernel/random/boot_id" pid=9559 comm="mysqld" requested_mask="r" denied_mask="r" fsuid=0 ouid=0 It could be easy to fix it: --- /tmp/usr.sbin.mysqld 2020-05-22 08:21:49.698953104 +0000 +++ /etc/apparmor.d/usr.sbin.mysqld 2020-05-22 08:15:54.180942772 +0000 @@ -11,6 +11,7 @@ # Allow system resource access /proc/*/status r, + /proc/sys/kernel/random/boot_id r, /sys/devices/system/cpu/ r, /sys/devices/system/node/ r, /sys/devices/system/node/** r, And replace the current profile with: apparmor_parser -r /etc/apparmor.d/usr.sbin.mysqld It would be nice, to include this fix to the current version. ProblemType: Bug DistroRelease: Ubuntu 20.04 Package: mysql-server 8.0.20-0ubuntu0.20.04.1 ProcVersionSignature: Ubuntu 5.4.0-31.35-generic 5.4.34 Uname: Linux 5.4.0-31-generic x86_64 ApportVersion: 2.20.11-0ubuntu27 Architecture: amd64 CasperMD5CheckResult: pass Date: Fri May 22 08:18:37 2020 InstallationDate: Installed on 2020-05-01 (20 days ago) InstallationMedia: Ubuntu-Server 20.04 LTS "Focal Fossa" - Release amd64 (20200423) Logs.var.log.daemon.log: MySQLConf.etc.mysql.conf.d.mysql.cnf: [mysql] MySQLConf.etc.mysql.conf.d.mysqldump.cnf: [mysqldump] quick quote-names max_allowed_packet = 16M MySQLVarLibDirListing: ['#ib_16384_0.dblwr', 'binlog.000007', 'client-key.pem', 'binlog.000001', 'test', 'undo_001', 'debian-5.7.flag', 'ca.pem', 'binlog.000010', 'performance_schema', 'public_key.pem', 'undo_002', 'debian-5.5.flag', 'server-cert.pem', 'binlog.000006', 'client-cert.pem', 'mysql_upgrade_info', 'mysql', '#ib_16384_1.dblwr', 'binlog.000011', 'ibtmp1', 'topackt', 'binlog.000003', 'binlog.000004', 'ib_buffer_pool', '#innodb_temp', 'auto.cnf', 'private_key.pem', 'ib_logfile0', 'ib_logfile1', 'binlog.index', 'binlog.000005', 'mysql.ibd', 'sys', 'ca-key.pem', 'phpmyadmin', 'ibdata1', 'binlog.000008', 'binlog.000009', 'binlog.000002', 'server-key.pem', 'proftpd', 'srv1.pid'] PackageArchitecture: all ProcEnviron: TERM=screen.xterm-256color PATH=(custom, no user) LANG=de_DE.UTF-8 SHELL=/bin/bash SourcePackage: mysql-8.0 UpgradeStatus: No upgrade log present (probably fresh install) modified.conffile..etc.apparmor.d.usr.sbin.mysqld: [modified] modified.conffile..etc.mysql.mysql.conf.d.mysql.cnf: [modified] modified.conffile..etc.mysql.mysql.conf.d.mysqld.cnf: [modified] mtime.conffile..etc.apparmor.d.usr.sbin.mysqld: 2020-05-22T08:15:54.180943 mtime.conffile..etc.mysql.mysql.conf.d.mysql.cnf: 2020-05-22T08:11:39.057082 mtime.conffile..etc.mysql.mysql.conf.d.mysqld.cnf: 2020-05-22T08:10:42.401548 ** Affects: mysql-8.0 (Ubuntu) Importance: Undecided Status: New ** Tags: amd64 apparmor apport-bug focal third-party-packages uec-images ** Summary changed: - apparmor profile allow read on /proc/sys/kernel/random/boot_id + apparmor profile: allow read on /proc/sys/kernel/random/boot_id -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1880109 Title: apparmor profile: allow read on /proc/sys/kernel/random/boot_id To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/mysql-8.0/+bug/1880109/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs