[Bug 617463] Re: mysql fails to load innodb plugin due to apparmor rejection.

Stefano Rivera launchpad at rivera.za.net
Fri Sep 21 11:17:16 UTC 2012 

** Description changed:

+ == SRU Stuff ==
+ 
+ === Impact ===
+ The HA innodb plugin can't be used, as the apparmor rules don't allow access to the plugin directory.
+ 
+ === Regression potential ===
+ Minimal. When this rule was added in maverick, it went through a few iterations:
+ 5.1.49-1ubuntu5, 5.1.49-1ubuntu6, and 5.1.49-1ubuntu7.
+ But it hasn't been changed since, so we can assume it isn't too problematic.
+ 
+ === Test Case ===
+ 
+ Install mysql-server. Stop it.
+ 
+ Add the following to a [mysqld] block in my.cnf:
+ 
+ ignore_builtin_innodb
+ plugin-load=innodb=ha_innodb_plugin.so;innodb_trx=ha_innodb_plugin.so;innodb_locks=ha_innodb_plugin.so;innodb_lock_waits=ha_innodb_plugin.so;innodb_cmp=ha_innodb_plugin.so;innodb_cmp_reset=ha_innodb_plugin.so;innodb_cmpmem=ha_innodb_plugin.so;innodb_cmpmem_reset=ha_innodb_plugin.so
+ 
+ Then mysql won't start, reporting that it can't load the innodb plugin.
+ If it starts, we've solved the problem.
+ 
+ == Original Report ==
+ 
  Attempting to run the mysql testsuite fails with the apparmor policy as
  shipped in maverick with the following rejection:
  
  [72565.740926] type=1400 audit(1281713173.741:61): apparmor="DENIED"
  operation="file_mmap" parent=18416 profile="/usr/sbin/mysqld"
  name="/usr/lib/mysql/plugin/ha_innodb_plugin.so.0.0.0" pid=18417
  comm="mysqld" requested_mask="m" denied_mask="m" fsuid=1000 ouid=0
  
  The following needs to be added to the apparmor profile for mysqld:
  
-   /usr/lib/mysql/plugin/*.so* m,
+   /usr/lib/mysql/plugin/*.so* m,
  
  This also may be an issue on lucid, though I haven't built a version of
  mysql there with the fix for bug 617461 to reproduce it.

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to mysql-dfsg-5.1 in Ubuntu.
https://bugs.launchpad.net/bugs/617463

Title:
  mysql fails to load innodb plugin due to apparmor rejection.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/mysql-5.1/+bug/617463/+subscriptions

More information about the Ubuntu-server-bugs mailing list