[Bug 986892] Re: mysql-server postrm breaks apparmor profile for later versions on purge
Thomas "Tanghus" Olsen
thomas at tanghus.net
Tue Aug 14 12:45:00 UTC 2012
@Clint: You suggested that the comment on http://tanghus.net/2012/03/yet-another-mysql-vs-apparmor-barf/#comment-298 is related, which seems to be the case. What I experienced wasn't a missing /etc/apparmor.d/local/usr.sbin.mysqld, but rather that the update would have changed the paths back to the not-working /var/run/* paths after I had manually corrected them to use /run prior to upgrading to Precise.
I didn't have an image earlier than 12.04, but tried to install mysql-server in a VM (it wasn't available in proposed anymore?). I'm not sure what conditional logic to look for in /var/lib/dpkg/info/mysql-server-5.5.postrm. /var/lib/dpkg/info/mysql-server-5.1.postrm does get removed on purge, but I assume that is intended behaviour?
/etc/apparmor.d/local/usr.sbin.mysqld is empty except for:
# Site-specific additions and overrides for usr.sbin.mysqld.
# For more details, please see /etc/apparmor.d/local/README.
/etc/apparmor.d/usr.sbin.mysqld otoh contains both:
/var/run/mysqld/mysqld.pid w,
/var/run/mysqld/mysqld.sock w,
/run/mysqld/mysqld.pid w,
/run/mysqld/mysqld.sock w,
But mysql runs fine:
Aug 14 14:34:30 NemID-VirtualBox kernel: [ 1530.635603] type=1400 audit(1344947670.136:27): apparmor="STATUS" operation="profile_replace" name="/usr/sbin/mysqld" pid=6072 comm="apparmor_parser"
Aug 14 14:34:32 NemID-VirtualBox /etc/mysql/debian-start[6116]: Upgrading MySQL tables if necessary.
Aug 14 14:34:32 NemID-VirtualBox /etc/mysql/debian-start[6119]: /usr/bin/mysql_upgrade: the '--basedir' option is always ignored
Aug 14 14:34:32 NemID-VirtualBox /etc/mysql/debian-start[6119]: Looking for 'mysql' as: /usr/bin/mysql
Aug 14 14:34:32 NemID-VirtualBox /etc/mysql/debian-start[6119]: Looking for 'mysqlcheck' as: /usr/bin/mysqlcheck
Aug 14 14:34:32 NemID-VirtualBox /etc/mysql/debian-start[6119]: This installation of MySQL is already upgraded to 5.5.24, use --force if you still need to run mysql_upgrade
Aug 14 14:34:32 NemID-VirtualBox /etc/mysql/debian-start[6130]: Checking for insecure root accounts.
Aug 14 14:34:32 NemID-VirtualBox /etc/mysql/debian-start[6135]: Triggering myisam-recover for all MyISAM tables
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to debhelper in Ubuntu.
https://bugs.launchpad.net/bugs/986892
Title:
mysql-server postrm breaks apparmor profile for later versions on
purge
Status in “apparmor” package in Ubuntu:
Fix Released
Status in “debhelper” package in Ubuntu:
Invalid
Status in “mysql-5.1” package in Ubuntu:
Invalid
Status in “mysql-5.5” package in Ubuntu:
Fix Released
Status in “mysql-dfsg-5.1” package in Ubuntu:
Invalid
Status in “apparmor” source package in Lucid:
Invalid
Status in “debhelper” source package in Lucid:
Invalid
Status in “mysql-5.1” source package in Lucid:
Invalid
Status in “mysql-5.5” source package in Lucid:
Invalid
Status in “mysql-dfsg-5.1” source package in Lucid:
In Progress
Status in “apparmor” source package in Oneiric:
Invalid
Status in “debhelper” source package in Oneiric:
In Progress
Status in “mysql-5.1” source package in Oneiric:
Triaged
Status in “mysql-5.5” source package in Oneiric:
Invalid
Status in “mysql-dfsg-5.1” source package in Oneiric:
Invalid
Status in “apparmor” source package in Precise:
Fix Committed
Status in “debhelper” source package in Precise:
Invalid
Status in “mysql-5.1” source package in Precise:
Invalid
Status in “mysql-5.5” source package in Precise:
Fix Committed
Status in “mysql-dfsg-5.1” source package in Precise:
Invalid
Bug description:
MySQL 5.1 and 5.5 must be rebuilt with the updated debhelper/apparmor
and so cannot be verified until those fixes are complete.
Also for clarity sake, there has been a lot of shuffling of this bug
around multiple packages for various reasons. This bug is fixed in
quantal as part of the apparmor upload. All reverse deps should then
be rebuilt for quantal. For SRU's, only known affected packages should
be rebuilt, which thus far seems only to be mysql.
[Test case]
Apparmor:
1.Install dh-apparmor
2. Build a package which build-depends on it (such as mysql-5.5)
3. Extract debs which have dh_apparmor run on them into a dir in tmp with dpkg -e file.deb /tmp/foo
4. Verify that the postrm has conditional logic to not remove the files under /etc/apparmor.d/*/* if the main profile exists.
Debhelper.
Same test case as above, but with debhelper providing dh_apparmor
MySQL 5.1 and MySQL 5.5 (oneiric, precise, lucid)
1. install mysql-server
2. check /var/lib/dpkg/info/mysql-server-5.1.postrm for conditional logic (change 5.1 to 5.5 for precise)
3. for oneiric and lucid, upgrade to Ubuntu 12.04, verify that /etc/apparmor.d/local/usr.sbin.mysqld is still present.
[Regression Potential]
The logic is extremely straight forward, so regressions seem unlikely. Still, at worst, purging will leave behind some useless files in /etc/apparmor.d which should not be of much concern anyway.
== Original bug description ==
After upgrading from Kubuntu 11.10 to 12.04 beta I found that mysql
isn't running after booting the system
In the syslog there is the following row
Apr 22 18:04:13 deathworld kernel: [ 15.848658] init: mysql pre-start process (1033) terminated with status 1
I've tried to execute /etc/init/mysql.conf step by step and found that execution
/lib/init/apparmor-profile-load usr.sbin.mysqld
shows the following error:
AppArmor parser error for /etc/apparmor.d/usr.sbin.mysqld in /etc/apparmor.d/usr.sbin.mysqld at line 44: Could not open 'local/usr.sbin.mysqld'
It's line:
#include <local/usr.sbin.mysqld>
After removing this line mysql can start without any problems
Description: Ubuntu 12.04 LTS
Release: 12.04
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/986892/+subscriptions
More information about the foundations-bugs
mailing list