** Description changed: The AppArmor profile usr.sbin.mysqld-akonadi is not compatible with seccomp in general and the no_new_privs bit specifically, because it includes a profile transition. I came across this when I tried to write a profile for the Firejail sandbox, and had to omit everything seccomp related in order to not break Akonadi: - https://github.com/netblue30/firejail/blob/1bc84f3e53f66abf4ee246e89f20f72626a199de/etc/akonadi_control.profile + https://github.com/netblue30/firejail/blob/master/etc/akonadi_control.profile Would it be possible for you to replace access mode cx with ix here? Especially because the transition in usr.sbin.mysqld-akonadi seems to - not have been motivated by any administrative or security needs.... + not have been motivated by administrative or security needs.... Best regards, smitsohu
-- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1759084 Title: mysqld-akonadi profile does not support seccomp To manage notifications about this bug go to: https://bugs.launchpad.net/apparmor/+bug/1759084/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs