Packaging/Dependency problem with mysql-server and apparmor vs. selinux (16.04 LTS)
Robie Basak
robie.basak at ubuntu.com
Sat Nov 12 07:57:49 UTC 2016
On Fri, Nov 11, 2016 at 10:48:22PM +0100, Bjoern Kahl wrote:
> I suppose this to be a packaging bug, but if it is instead intended
> behaviour, then I'd like to learn why mysql-server has a hard
> dependency on apparmor (and only apparmor, of all the various Linux
> Security Modules out there). I'd also like to learn where to discuss
> possible reconsideration, or what my options are to get mysql-server
> installed on my SELinux hardened system.
This is my mistake. Sorry. On upgrade from Trusty to Xenial, it was
necesssary to ensure that AppArmor was upgraded first (otherwise the
release upgrade would fail). I should have used a Breaks clause in the
packaging to ensure this, but for some reason it didn't occur to me at
the time to do this, so I ended up doing it with a Depends instead, on
the basis that apparmor is installed by default on Ubuntu anyway. This
is wrong. It should have been a Breaks. I did realise this a while ago,
but I couldn't think of any use case it broke, so I left it (though I
dropped the Depends in the development release). I'm not sure to what
extent we support SELinux on Ubuntu, but it certainly wasn't my
intention to prevent users from using it unnecessarily.
We can fix this in the next stable update if you like. Please file a
bug.
Robie
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: not available
URL: <https://lists.ubuntu.com/archives/ubuntu-devel-discuss/attachments/20161112/a7177cab/attachment.sig>
More information about the Ubuntu-devel-discuss
mailing list