[Bug 434915] Re: mysql-server-5.1 can't chroot

[Jamie Strandboge]

Running a process confined and chrooting are typically two different,
mutually-exclusive solutions to the same problem.

The apparmor profile contains mysqld in a similar way that the
traditional chrooting does. There is no reason to chroot mysqld on
Ubuntu if you are using the AppArmor profile. The reason why the profile
was developed was so that all mysqld users would benefit from the
enhanced security of running mysqld under confinement, and not require
users to have to diverge from the standard installation and use chroot.

Users are welcome to use traditional chrooting if they prefer, and need only disable the apparmor profile by performing:
$ sudo apparmor_parser -R /etc/apparmor.d/usr.sbin.mysqld
$ ln -s /etc/apparmor.d/usr.sbin.mysqld /etc/apparmor.d/disable/usr.sbin.mysqld

The first unloads the profile from the kernel, and the second disables
the profile on boot.


** Changed in: mysql-dfsg-5.1 (Ubuntu)
       Status: Incomplete => Won't Fix

** Changed in: mysql-dfsg-5.1 (Ubuntu)
     Assignee: (unassigned) => Jamie Strandboge (jdstrand)

-- 
mysql-server-5.1 can't chroot
https://bugs.launchpad.net/bugs/434915
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to mysql-dfsg-5.1 in ubuntu.