You can also work around this by setting the mysql profile into complain
mode.  Edit /etc/apparmor.d/usr.sbin.mysqld and change the line

/usr/sbin/mysqld {

to

/usr/sbin/mysqld flags=(complain) {

then reload the profile with

sudo apparmor_parser -r /etc/apparmor.d/usr.sbin.mysqld

After this, I no longer get the 'Can't create test file' warnings.

However it would seem better for the application code to automatically
update the /etc/apparmor.d/local/usr.sbin.mysqld file as it learns of
paths.  This would be similar to how libvirt uses virt-aa-helper to
update policies for qemu VMs to allow access to the block devices (etc)
listed in the VM specification.

Is there a better way you can think of to accommodate this use case
(without giving up the protection against mysql using arbitrary paths)?

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1095370

Title:
  apparmor prevents non-default mysql data directories

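The idea raised in the comment above (adding learned paths to /etc/apparmor.d/local/usr.sbin.mysqld instead of putting the whole profile into complain mode), as an added shell example that is not part of the original message or of any MySQL, Ubuntu or libvirt code. The function names and the rule pair, modelled on the usual "/var/lib/mysql/ r," and "/var/lib/mysql/** rwk," data directory rules, are assumptions.

```shell
#!/bin/sh
# Added example: allow mysqld one extra data directory through the profile's
# local include, so the main profile stays in enforce mode.
# valid_datadir and add_datadir_rules are hypothetical helper names.

# Accept only a plain absolute path. Reject "/", empty or relative paths,
# "//" and ".." sequences, and any character outside a conservative set,
# which excludes AppArmor globbing and alternation (* ? [ ] { } ,),
# whitespace and quotes.
valid_datadir() {
    case "$1" in
        / | *//* | *..*) return 1 ;;
        *[!A-Za-z0-9/._-]*) return 1 ;;
        /*) return 0 ;;
        *) return 1 ;;
    esac
}

# Append the two rules for directory $1 to local include file $2.
# Re-running with the same directory adds nothing (idempotent).
add_datadir_rules() {
    dir=$1
    local_file=$2
    valid_datadir "$dir" || { echo "rejected path: $dir" >&2; return 2; }
    dir=${dir%/}                      # normalise a single trailing slash
    for rule in "  $dir/ r," "  $dir/** rwk,"; do
        # -x -F: match the whole line literally, so "**" is not a pattern
        grep -qxF -- "$rule" "$local_file" 2>/dev/null ||
            printf '%s\n' "$rule" >> "$local_file"
    done
}

# Run as root, e.g.: sh add-mysql-datadir.sh /srv/mysql-data
# The second argument (assumed default below) names the local include file.
if [ "$#" -ge 1 ]; then
    add_datadir_rules "$1" "${2:-/etc/apparmor.d/local/usr.sbin.mysqld}" &&
        apparmor_parser -r /etc/apparmor.d/usr.sbin.mysqld
fi
```

The path check matters because the local include is spliced into the enforcing profile: an unchecked value such as "/" or one containing "**" would grant mysqld far more than the one directory intended.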