Thanks for your work on this Clint; it is much appreciated.

I'd prefer not to adjust the profile for the test suite. @{HOME} in an AppArmor 
profile does not expand to the process' uid's HOME, but the value of the 
@{HOME} variable as set in /etc/apparmor.d/tunables/home. As such, this expands 
to:
  owner /home/you/tmp/...
  owner /home/me/tmp/...
  owner /home/her/tmp/...
  ...

While with 'owner' match, it should generally be ok since /home/you/tmp
shouldn't be owned by the mysql user, it does open an avenue of attack
for people running mysqld as themselves and is IMHO unnecessary.

As for documenting, the best course IMO is to patch
/usr/lib/mysql-test/mysql-test-run.pl itself to first do a quick test to
see if --vardir is writable, and if not, give a helpful message about
AppArmor possibly blocking it, suggest to use --vardir=/var/tmp/mysql
instead, and exit with error.

We should of course also adjust the test script in
lp:qa-regression-testing to use --vardir=/var/tmp/mysql, since it is now
using the testsuite.

-- 
MySQL must not use /tmp
https://bugs.launchpad.net/bugs/375371
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to mysql-dfsg-5.1 in ubuntu.
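
The @{HOME} expansion described in the comment above, as an added example that is not part of the original message or of AppArmor's own code. The tunables text is a constructed sample modelled on the stock tunables/home, the rule path `@{HOME}/tmp/**` and the uids are assumptions, and the glob handling is simplified.

```python
import re

# Constructed sample modelled on the stock /etc/apparmor.d/tunables/home.
TUNABLES = """\
@{HOMEDIRS}=/home/
@{HOME}=@{HOMEDIRS}/*/ /root/
"""
# Hypothetical rule path of the kind discussed above (not quoted from the bug).
RULE = "@{HOME}/tmp/**"
VAR = re.compile(r"@\{(\w+)\}")

def parse_tunables(text):
    """Collect variable definitions; '+=' appends to an existing variable."""
    table = {}
    for line in text.splitlines():
        m = re.match(r"\s*@\{(\w+)\}\s*(\+?=)\s*(.*)$", line)
        if not m:
            continue  # blank lines, comments, anything that is not a definition
        name, op, values = m.group(1), m.group(2), m.group(3).split()
        table[name] = (table.get(name, []) if op == "+=" else []) + values
    return table

def expand(path, table):
    """Return every pattern produced by substituting each variable value."""
    m = VAR.search(path)
    if not m:
        return [re.sub(r"/{2,}", "/", path)]  # collapse doubled slashes
    out = []
    for value in table[m.group(1)]:
        out += expand(path[:m.start()] + value + path[m.end():], table)
    return out

def to_regex(pattern):
    """Simplified AppArmor globbing: '**' crosses '/', a single '*' does not."""
    parts = re.split(r"(\*\*|\*)", pattern)
    body = "".join(".*" if p == "**" else "[^/]*" if p == "*" else re.escape(p)
                   for p in parts)
    return re.compile(body + r"\Z")

def owner_rule_allows(rule_path, target, file_uid, proc_uid, table):
    """Model an 'owner' rule: the path must match AND the process must own the file."""
    if file_uid != proc_uid:
        return False
    return any(to_regex(p).match(target) for p in expand(rule_path, table))

if __name__ == "__main__":
    table = parse_tunables(TUNABLES)
    print(expand(RULE, table))
    # mysqld running as the dedicated mysql account (uid 112, assumed): denied.
    print(owner_rule_allows(RULE, "/home/you/tmp/var/x", 1000, 112, table))
    # mysqld started by a user as themselves (uid 1000, assumed): allowed.
    print(owner_rule_allows(RULE, "/home/you/tmp/var/x", 1000, 1000, table))
```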
