[Bug 382727] Re: package mysql-server-5.0 5.1.30really5.0.75-0ubuntu10.2 failed to install/upgrade: le sous-processus post-installation script a retourn? une erreur de sortie d'?tat 1

Mathias Gug mathiaz at ubuntu.com
Mon Jun 8 21:05:31 BST 2009 

On Sat, Jun 06, 2009 at 12:34:43PM -0000, pascal wrote:
> kern.log after an update:
> 

Relevant error messages:
> audit(1244290348.293:19): operation="profile_replace" 
> name="/usr/sbin/mysqld" name2="default" pid=6774
> Jun  6 14:12:28 pascal-laptop kernel: [ 2951.715329] type=1505 
> audit(1244290348.333:20): operation="profile_replace" 
> name="/usr/sbin/mysqld" name2="default" pid=6781
> Jun  6 14:12:45 pascal-laptop kernel: [ 2969.356185] type=1503 
> audit(1244290365.974:25): operation="inode_create" requested_mask="a::" 
> denied_mask="a::" fsuid=0 name="/home/mysql/pascal-laptop.lower-test" 
> pid=7176 profile="/usr/sbin/mysqld"
> Jun  6 14:12:45 pascal-laptop kernel: [ 2969.356259] type=1503 
> audit(1244290365.974:26): operation="inode_create" requested_mask="a::" 
> denied_mask="a::" fsuid=0 name="/home/mysql/pascal-laptop.lower-test" 
> pid=7176 profile="/usr/sbin/mysqld"
> Jun  6 14:12:45 pascal-laptop kernel: [ 2969.363748] type=1503 
> audit(1244290365.982:27): operation="inode_permission" 
> requested_mask="r::" denied_mask="r::" fsuid=112 
> name="/home/mysql/mysql/db.frm" pid=7179 profile="/usr/sbin/mysqld"
> Jun  6 14:12:46 pascal-laptop kernel: [ 2969.403433] type=1503 
> audit(1244290366.022:28): operation="inode_create" requested_mask="a::" 
> denied_mask="a::" fsuid=0 name="/home/mysql/pascal-laptop.lower-test" 
> pid=7191 profile="/usr/sbin/mysqld"
> Jun  6 14:12:46 pascal-laptop kernel: [ 2969.403508] type=1503 
> audit(1244290366.022:29): operation="inode_create" requested_mask="a::" 
> denied_mask="a::" fsuid=0 name="/home/mysql/pascal-laptop.lower-test" 
> pid=7191 profile="/usr/sbin/mysqld"
> Jun  6 14:12:46 pascal-laptop kernel: [ 2969.407872] type=1503 
> audit(1244290366.026:30): operation="inode_permission" 
> requested_mask="r::" denied_mask="r::" fsuid=112 
> name="/home/mysql/mysql/user.frm" pid=7195 profile="/usr/sbin/mysqld"
> Jun  6 14:12:46 pascal-laptop kernel: [ 2969.407921] type=1503 
> audit(1244290366.026:31): operation="inode_permission" 
> requested_mask="r::" denied_mask="r::" fsuid=112 
> name="/home/mysql/mysql/user.frm" pid=7195 profile="/usr/sbin/mysqld"
> Jun  6 14:12:46 pascal-laptop kernel: [ 2969.408101] type=1503 
> audit(1244290366.026:32): operation="inode_permission" 
> requested_mask="r::" denied_mask="r::" fsuid=112 
> name="/home/mysql/mysql/user.frm" pid=7195 profile="/usr/sbin/mysqld"
> Jun  6 14:12:46 pascal-laptop kernel: [ 2969.437078] type=1503 
> audit(1244290366.058:33): operation="inode_create" requested_mask="a::" 
> denied_mask="a::" fsuid=0 name="/home/mysql/pascal-laptop.lower-test" 
> pid=7202 profile="/usr/sbin/mysqld"
> Jun  6 14:12:46 pascal-laptop kernel: [ 2969.437463] type=1503 
> audit(1244290366.058:34): operation="inode_create" requested_mask="a::" 
> denied_mask="a::" fsuid=0 name="/home/mysql/pascal-laptop.lower-test" 
> pid=7202 profile="/usr/sbin/mysqld"

So the problem is related to mysqld apparmor profile. Apparently mysqld
profile has been replaced during the upgrade (first line in the audit
log).

> 
> /etc/apparmor.d/usr.sbin.mysqld:
> 
> # vim:syntax=apparmor
> # Last Modified: Tue Jun 19 17:37:30 2007
> #include <tunables/global>
> 
> /usr/sbin/mysqld {
>   #include <abstractions/base>
>   #include <abstractions/nameservice>
>   #include <abstractions/user-tmp>
>   #include <abstractions/mysql>
>   #include <abstractions/winbind>
> 
>   capability dac_override,
>   capability sys_resource,
>   capability setgid,
>   capability setuid,
> 
>   network tcp,
> 
>   /etc/hosts.allow r,
>   /etc/hosts.deny r,
> 
>   /etc/mysql/*.pem r,
>   /etc/mysql/conf.d/ r,
>   /etc/mysql/conf.d/* r,
>   /etc/mysql/my.cnf r,
>   /usr/sbin/mysqld mr,
>   /usr/share/mysql/** r,
>   /var/log/mysql.log rw,
>   /var/log/mysql.err rw,
>   /home/mysql/ r,
>   /home/mysql/** rwk,
>   /var/log/mysql/ r,
>   /var/log/mysql/* rw,
>   /var/run/mysqld/mysqld.pid w,
>   /var/run/mysqld/mysqld.sock w,
> }

It seems that the apparmor profile is customized to allow access to
/home/mysql/. Could you make sure that the correct profile has been
reloaded?

-- 
Mathias Gug
Ubuntu Developer  http://www.ubuntu.com

-- 
package mysql-server-5.0 5.1.30really5.0.75-0ubuntu10.2 failed to install/upgrade: le sous-processus post-installation script a retourn? une erreur de sortie d'?tat 1
https://bugs.launchpad.net/bugs/382727
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to mysql-dfsg-5.0 in ubuntu.

More information about the Ubuntu-server-bugs mailing list