[Bug 617463] Re: mysql fails to load innodb plugin due to apparmor rejection.

Stefano Rivera launchpad at rivera.za.net
Sat Sep 22 08:46:22 UTC 2012 

** Description changed:

  == SRU Stuff ==
  
  === Impact ===
  The HA innodb plugin can't be used, as the apparmor rules don't allow access to the plugin directory.
  
  === Regression potential ===
  Minimal. When this rule was added in maverick, it went through a few iterations:
  5.1.49-1ubuntu5, 5.1.49-1ubuntu6, and 5.1.49-1ubuntu7.
  But it hasn't been changed since, so we can assume it isn't too problematic.
  
  === Test Case ===
  
  Install mysql-server. Stop it.
  
  Add the following to a [mysqld] block in my.cnf:
  
+ default-storage-engine=InnoDB
  ignore_builtin_innodb
  plugin-load=innodb=ha_innodb_plugin.so;innodb_trx=ha_innodb_plugin.so;innodb_locks=ha_innodb_plugin.so;innodb_lock_waits=ha_innodb_plugin.so;innodb_cmp=ha_innodb_plugin.so;innodb_cmp_reset=ha_innodb_plugin.so;innodb_cmpmem=ha_innodb_plugin.so;innodb_cmpmem_reset=ha_innodb_plugin.so
  
- Then mysql won't start, reporting that it can't load the innodb plugin.
+ Then mysql won't start, reporting in /var/log/mysql/error.log that it can't load the innodb plugin.
  If it starts, we've solved the problem.
  
  == Original Report ==
  
  Attempting to run the mysql testsuite fails with the apparmor policy as
  shipped in maverick with the following rejection:
  
  [72565.740926] type=1400 audit(1281713173.741:61): apparmor="DENIED"
  operation="file_mmap" parent=18416 profile="/usr/sbin/mysqld"
  name="/usr/lib/mysql/plugin/ha_innodb_plugin.so.0.0.0" pid=18417
  comm="mysqld" requested_mask="m" denied_mask="m" fsuid=1000 ouid=0
  
  The following needs to be added to the apparmor profile for mysqld:
  
    /usr/lib/mysql/plugin/*.so* m,
  
  This also may be an issue on lucid, though I haven't built a version of
  mysql there with the fix for bug 617461 to reproduce it.

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to mysql-dfsg-5.1 in Ubuntu.
https://bugs.launchpad.net/bugs/617463

Title:
  mysql fails to load innodb plugin due to apparmor rejection.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/mysql-5.1/+bug/617463/+subscriptions

More information about the Ubuntu-server-bugs mailing list