[Bug 444479] Re: missing apparmor access rule
Stopping apparmor then restarting mysql then stopping mysql and starting apparmor and starting mysql while apparmor is started works fine over here. Updated to 10.10. -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to mysql-dfsg-5.1 in Ubuntu. https://bugs.launchpad.net/bugs/79 Title: missing apparmor access rule -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 444479] Re: missing apparmor access rule
I am also not able to start the mysql process successfully, even after adding the line /sys/devices/system/cpu/ r, to /etc/apparmor.d/usr.sbin.mysqld. Did an update of packages apt-get install mysql-client mysql-client-5.1 mysql-client-core-5.1 on ubuntu lucid. After this, when starting mysql with upstart script: service mysql start it just hangs, ps -e | grep my shows no processes. This happens when apparmor is running and when it is not, though settings (checked from a working mysql database server) seem to be correct. Something in the context/apparmor/security must be missing... any ideas? Could I remove profiles from apparmor to see if this is related without risking a server reboot? Apparmor status shows: /etc/init.d/apparmor status apparmor module is loaded. 6 profiles are loaded. 6 profiles are in enforce mode. /sbin/dhclient3 /usr/bin/freshclam /usr/lib/NetworkManager/nm-dhcp-client.action /usr/lib/connman/scripts/dhclient-script /usr/sbin/mysqld /usr/sbin/tcpdump 0 profiles are in complain mode. 1 processes have profiles defined. 1 processes are in enforce mode : /usr/bin/freshclam (1706) 0 processes are in complain mode. 0 processes are unconfined but have a profile defined. -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to mysql-dfsg-5.1 in ubuntu. https://bugs.launchpad.net/bugs/79 Title: missing apparmor access rule -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 444479] Re: missing apparmor access rule
This solved my problem on Ubuntu Lucid: apt-get remove --purge mysql-server mysql-common mysql-client apt-get install mysql-server After purging and installing the packages, mysql started fine. Seems it was mysql-related. -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to mysql-dfsg-5.1 in ubuntu. https://bugs.launchpad.net/bugs/79 Title: missing apparmor access rule -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 444479] Re: missing apparmor access rule
I'm using ubuntu 9.10 and was having those messages on /var/log/syslog when trying to stop mysql. Added the line /sys/devices/system/cpu/ r, to the end of directories listing (before the last }) of /etc/apparmor.d/usr.sbin.mysqld and now the messages stopped... but i can't stop mysql yet. When I run $ sudo service mysql stop or $/etc/init.d/mysqld stop it fails and doesnt print nothing to syslog, dmesg or mysql logs. -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to mysql-dfsg-5.1 in ubuntu. https://bugs.launchpad.net/bugs/79 Title: missing apparmor access rule -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 444479] Re: missing apparmor access rule
This bug was fixed in the package mysql-dfsg-5.1 - 5.1.41-3ubuntu6 --- mysql-dfsg-5.1 (5.1.41-3ubuntu6) lucid; urgency=low * debian/apparmor-profile: Upate apparmor profile. Get rid of annoying warning when starting mysql. (LP: #79) -- Chuck Short zul...@ubuntu.com Thu, 18 Feb 2010 13:54:43 -0500 ** Changed in: mysql-dfsg-5.1 (Ubuntu) Status: Triaged = Fix Released -- missing apparmor access rule https://bugs.launchpad.net/bugs/79 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to mysql-dfsg-5.1 in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 444479] Re: missing apparmor access rule
Can you double-check that a) really this line makes mysql start again (just remove that line, restart apparmor and try to restart mysql) b) you really started mysql *after* apparmor I just double-checked this issue on my system and mysql 5.1 will start without problems with the proposed line missing. -- missing apparmor access rule https://bugs.launchpad.net/bugs/79 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to mysql-dfsg-5.1 in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 444479] Re: missing apparmor access rule
I have experienced mysql failing to start for the last 2 months, after an Ubuntu upgrade, and this failure to start could be worked around by stopping apparmor. I have now added the line proposed in the original posting, and mysql now appears to start satisfactorily when apparmor is running. My experience therefore contradicts that of Juri Haberland in msg #13. In my experience this bug is a serious problem and the proposed fix works. -- missing apparmor access rule https://bugs.launchpad.net/bugs/79 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to mysql-dfsg-5.1 in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 444479] Re: missing apparmor access rule
Raising importance, between this bug and Bug #448656 and no telling how many others, this is affecting a number of users. ** Changed in: mysql-dfsg-5.1 (Ubuntu) Importance: Low = Medium -- missing apparmor access rule https://bugs.launchpad.net/bugs/79 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to mysql-dfsg-5.1 in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 444479] Re: missing apparmor access rule
To everyone having problems with not starting mysql daemons: This bug (or better: omission) does *not* prevent mysql from starting - it just produces a message in the syslog about a denied file access. -- missing apparmor access rule https://bugs.launchpad.net/bugs/79 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to mysql-dfsg-5.1 in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 444479] Re: missing apparmor access rule
Made changes to apparmor, still mysql will not start. Also did not have skip-bdb in my.cnf. After restarting apparmor, I did notice that a few error messages disappeared, and after deleting ibdata1 and ib_logfile0 and ib_logfile1 at least I am getting completely different errors now, so there may be something to this. -- missing apparmor access rule https://bugs.launchpad.net/bugs/79 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to mysql-dfsg-5.1 in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 444479] Re: missing apparmor access rule
I don't even have skip-bdb in /etc/mysql/my.cnf, so commenting it out isn't the solution. Using mysql 5.3.37 probided by mysql-server-5.1 on Ubuntu 9.10 / Karmic. -- missing apparmor access rule https://bugs.launchpad.net/bugs/79 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to mysql-dfsg-5.1 in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 444479] Re: missing apparmor access rule
This is my daemon.log mysqld_safe: Starting mysqld daemon with databases from /home/mysqldata Oct 30 10:09:44 trond-laptop mysqld: 091030 10:09:44 [Note] Plugin 'FEDERATED' is disabled. Oct 30 10:09:44 trond-laptop mysqld: /usr/sbin/mysqld: Table 'mysql.plugin' doesn't exist Oct 30 10:09:44 trond-laptop mysqld: 091030 10:09:44 [ERROR] Can't open the mysql.plugin table. Please run mysql_upgrade to create it. Oct 30 10:09:44 trond-laptop mysqld: 091030 10:09:44 InnoDB: Started; log sequence number 0 10235864 Oct 30 10:09:44 trond-laptop mysqld: 091030 10:09:44 [ERROR] /usr/sbin/mysqld: unknown option '--skip-bdb' Oct 30 10:09:44 trond-laptop mysqld: 091030 10:09:44 [ERROR] Aborting Oct 30 10:09:44 trond-laptop mysqld: Oct 30 10:09:44 trond-laptop mysqld: 091030 10:09:44 InnoDB: Starting shutdown... Oct 30 10:09:45 trond-laptop mysqld: 091030 10:09:45 InnoDB: Shutdown completed; log sequence number 0 10235864 Oct 30 10:09:45 trond-laptop mysqld: 091030 10:09:45 [Warning] Forcing shutdown of 1 plugins Oct 30 10:09:45 trond-laptop mysqld: 091030 10:09:45 [Note] /usr/sbin/mysqld: Shutdown complete Oct 30 10:09:45 trond-laptop mysqld: Oct 30 10:09:45 trond-laptop mysqld_safe: mysqld from pid file /var/run/mysqld/mysqld.pid ended Oct 30 10:09:58 trond-laptop /etc/init.d/mysql[23033]: 0 processes alive and '/usr/bin/mysqladmin --defaults-file=/etc/mysql/debian.cnf ping' resulted in Oct 30 10:09:58 trond-laptop /etc/init.d/mysql[23033]: #007/usr/bin/mysqladmin: connect to server at 'localhost' failed Oct 30 10:09:58 trond-laptop /etc/init.d/mysql[23033]: error: 'Can't connect to local MySQL server through socket '/var/run/mysqld/mysqld.sock' (2)' Oct 30 10:09:58 trond-laptop /etc/init.d/mysql[23033]: Check that mysqld is running and that the socket: '/var/run/mysqld/mysqld.sock' exists! Oct 30 10:09:58 trond-laptop /etc/init.d/mysql[23033]: I have tried to run the mysql_upgrade command, but it won't run as the server is not running. -- missing apparmor access rule https://bugs.launchpad.net/bugs/79 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to mysql-dfsg-5.1 in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 444479] Re: missing apparmor access rule
What worked for me was to mark out skip-bdb in the my.cnf file I have attached the my.cnf file ** Attachment added: the mysql configuration file http://launchpadlibrarian.net/34672629/my.cnf -- missing apparmor access rule https://bugs.launchpad.net/bugs/79 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to mysql-dfsg-5.1 in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 444479] Re: missing apparmor access rule
Note to above post: The solution was found in this post: http://www .mail-archive.com/debian-bugs...@lists.debian.org/msg189569.html -- missing apparmor access rule https://bugs.launchpad.net/bugs/79 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to mysql-dfsg-5.1 in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 444479] Re: missing apparmor access rule
Also tried to add the deny /sys/devices/system/cpu/ r, rule Started apparmor OK Starting mysql - Not OK -- missing apparmor access rule https://bugs.launchpad.net/bugs/79 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to mysql-dfsg-5.1 in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 444479] Re: missing apparmor access rule
** Tags added: apparmor -- missing apparmor access rule https://bugs.launchpad.net/bugs/79 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to mysql-dfsg-5.1 in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 444479] Re: missing apparmor access rule
Using deny /sys/devices/system/cpu/ r, seems to just suppress the message but makes no difference to functionality (access to /sys/devices/system/cpu/ is denied and /proc/stat accessed instead). -- missing apparmor access rule https://bugs.launchpad.net/bugs/79 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to mysql-dfsg-5.1 in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 444479] Re: missing apparmor access rule
No, not that I have noticed. Mysqld seems to access /proc/stat if /sys/devices/system/cpu/ is not accessible. -- missing apparmor access rule https://bugs.launchpad.net/bugs/79 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to mysql-dfsg-5.1 in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 444479] Re: missing apparmor access rule
Can you add the following to your /etc/apparmor.d/usr.sbin.mysqld: deny /sys/devices/system/cpu/ r, Regards chuck -- missing apparmor access rule https://bugs.launchpad.net/bugs/79 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to mysql-dfsg-5.1 in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 444479] Re: missing apparmor access rule
I get long delays in my boot process just around this error: Oct 7 09:37:11 maxwell kernel: [ 13.893332] input: HDA Digital PCBeep as /devices/pci:00/:00:1b.0/input/input8 Oct 7 09:37:11 maxwell kernel: [ 15.370647] __ratelimit: 9 callbacks suppressed Oct 7 09:37:11 maxwell kernel: [ 15.370658] type=1505 audit(1254933431.270:13): operation=profile_replace pid=821 name=/usr/share/gdm/guest-session/Xsession Oct 7 09:37:11 maxwell kernel: [ 15.375305] type=1505 audit(1254933431.274:14): operation=profile_replace pid=822 name=/sbin/dhclient3 Oct 7 09:37:11 maxwell kernel: [ 15.376137] type=1505 audit(1254933431.278:15): operation=profile_replace pid=822 name=/usr/lib/NetworkManager/nm-dhcp-client.action Oct 7 09:37:11 maxwell kernel: [ 15.376627] type=1505 audit(1254933431.278:16): operation=profile_replace pid=822 name=/usr/lib/connman/scripts/dhclient-script Oct 7 09:37:11 maxwell kernel: [ 15.386835] type=1505 audit(1254933431.286:17): operation=profile_replace pid=823 name=/usr/bin/evince Oct 7 09:37:16 maxwell kernel: [ 15.398664] type=1505 audit(1254933431.298:18): operation=profile_replace pid=823 name=/usr/bin/evince-previewer Oct 7 09:37:16 maxwell kernel: [ 15.405706] type=1505 audit(1254933431.306:19): operation=profile_replace pid=823 name=/usr/bin/evince-thumbnailer Oct 7 09:37:16 maxwell kernel: [ 15.432473] type=1505 audit(1254933431.334:20): operation=profile_replace pid=825 name=/usr/lib/cups/backend/cups-pdf Oct 7 09:37:16 maxwell kernel: [ 15.433545] type=1505 audit(1254933431.334:21): operation=profile_replace pid=825 name=/usr/sbin/cupsd Oct 7 09:37:16 maxwell kernel: [ 15.438651] type=1505 audit(1254933431.338:22): operation=profile_replace pid=826 name=/usr/sbin/mysqld Oct 7 09:37:19 maxwell kernel: [ 20.729191] tg3 :02:00.0: PME# disabled Oct 7 09:37:19 maxwell kernel: [ 20.729470] alloc irq_desc for 29 on node -1 Oct 7 09:37:19 maxwell kernel: [ 20.729479] alloc kstat_irqs on node -1 Oct 7 09:37:19 maxwell kernel: [ 20.729560] tg3 :02:00.0: irq 29 for MSI/MSI-X Oct 7 09:37:19 maxwell kernel: [ 20.791928] ADDRCONF(NETDEV_UP): eth0: link is not ready Oct 7 09:37:19 maxwell kernel: [ 22.989336] __ratelimit: 3 callbacks suppressed Oct 7 09:37:19 maxwell kernel: [ 22.989345] type=1503 audit(1254933438.890:24): operation=open pid=1126 parent=1125 profile=/usr/sbin/mysqld requested_mask=r:: denied_mask=r:: fsuid=0 ouid=0 name=/sys/devices/system/cpu/ Oct 7 09:37:49 maxwell kernel: [ 23.832901] type=1503 audit(1254933439.734:25): operation=open pid=1149 parent=1148 profile=/usr/sbin/mysqld requested_mask=r:: denied_mask=r:: fsuid=0 ouid=0 name=/sys/devices/system/cpu/ Oct 7 09:37:49 maxwell kernel: [ 24.428913] type=1503 audit(1254933440.330:26): operation=open pid=1264 parent=1156 profile=/usr/sbin/mysqld requested_mask=r:: denied_mask=r:: fsuid=0 ouid=0 name=/sys/devices/system/cpu/ Oct 7 09:37:52 maxwell kernel: [ 53.437479] type=1503 audit(1254933469.339:27): operation=open pid=1270 parent=1269 profile=/usr/sbin/mysqld requested_mask=r:: denied_mask=r:: fsuid=0 ouid=0 name=/sys/devices/system/cpu/ Oct 7 09:37:52 maxwell kernel: [ 54.470040] type=1503 audit(1254933470.371:28): operation=open pid=1280 parent=1279 profile=/usr/sbin/mysqld requested_mask=r:: denied_mask=r:: fsuid=0 ouid=0 name=/sys/devices/system/cpu/ Oct 7 09:37:52 maxwell kernel: [ 55.499957] type=1503 audit(1254933471.399:29): operation=open pid=1290 parent=1289 profile=/usr/sbin/mysqld requested_mask=r:: denied_mask=r:: fsuid=0 ouid=0 name=/sys/devices/system/cpu/ Oct 7 09:37:55 maxwell kernel: [ 56.531630] type=1503 audit(1254933472.431:30): operation=open pid=1306 parent=1305 profile=/usr/sbin/mysqld requested_mask=r:: denied_mask=r:: fsuid=0 ouid=0 name=/sys/devices/system/cpu/ Oct 7 09:37:55 maxwell kernel: [ 57.584831] type=1503 audit(1254933473.486:31): operation=open pid=1326 parent=1325 profile=/usr/sbin/mysqld requested_mask=r:: denied_mask=r:: fsuid=0 ouid=0 name=/sys/devices/system/cpu/ Oct 7 09:37:55 maxwell kernel: [ 58.400344] eth2: no IPv6 routers present Oct 7 09:37:56 maxwell kernel: [ 59.184966] type=1503 audit(1254933475.083:32): operation=open pid=1368 parent=1367 profile=/usr/sbin/mysqld requested_mask=r:: denied_mask=r:: fsuid=0 ouid=0 name=/sys/devices/system/cpu/ Oct 7 09:37:56 maxwell kernel: [ 59.367805] type=1503 audit(1254933475.267:33): operation=open pid=1381 parent=1380 profile=/usr/sbin/mysqld requested_mask=r:: denied_mask=r:: fsuid=0 ouid=0 name=/sys/devices/system/cpu/ Oct 7 09:37:56 maxwell kernel: [ 61.004386] CPU0 attaching NULL sched-domain. ** Attachment added: maxwell-karmic-20091007-1.png http://launchpadlibrarian.net/33252200/maxwell-karmic-20091007-1.png -- missing apparmor access rule https://bugs.launchpad.net/bugs/79 You received this bug notification because you are a member of Ubuntu Server Team,