[apparmor] [Patch] abstractions/mysql: changed paths

[Christian Boltz]

Hello,

abstractions/mysql  contains
   /var/lib/mysql/mysql.sock rw,
   /usr/share/mysql/charsets/ r,
   /usr/share/mysql/charsets/*.xml r,

but the files moved (at least on openSUSE) to
    /usr/share/mysql-community-server/charsets/*.xml
    /var/run/mysql/mysql.sock
This causes denials for all applications using MySQL on 12.2 and 
Factory.

MariaDB has the *.xml files in
    /usr/share/mariadb/charsets/*.xml
and also seems to use /var/run/mysql/ for the socket.

Since MariaDB is basically a drop-in replacement for MySQL, it would 
make sense to allow access to it via abstractions/mysql.

References: https://bugzilla.novell.com/show_bug.cgi?id=798183


I propose this patch for trunk and the 2.8 branch.


=== modified file 'profiles/apparmor.d/abstractions/mysql'
--- profiles/apparmor.d/abstractions/mysql    2010-12-20 20:29:10 +0000
+++ profiles/apparmor.d/abstractions/mysql    2013-01-11 21:50:19 +0000
@@ -1,6 +1,7 @@
 # ------------------------------------------------------------------
 #
 #    Copyright (C) 2002-2006 Novell/SUSE
+#    Copyright (C) 2013 Christian Boltz
 #
 #    This program is free software; you can redistribute it and/or
 #    modify it under the terms of version 2 of the GNU General Public
@@ -9,5 +10,6 @@
 # ------------------------------------------------------------------
 
    /var/lib/mysql/mysql.sock rw,
-   /usr/share/mysql/charsets/ r,
-   /usr/share/mysql/charsets/*.xml r,
+   /{var/,}run/mysql/mysql.sock rw,
+   /usr/share/{mysql,mysql-community-server,mariadb}/charsets/ r,
+   /usr/share/{mysql,mysql-community-server,mariadb}/charsets/*.xml r,





Regards,

Christian Boltz
-- 
Eine Katze hat einen Schwanz mehr als keine Katze. Keine Katze hat
zwei Schwänze, also hat eine Katze drei Schwänze.
[Bernd Brodesser in suse-linux]