[Bug 1658233] Re: missing apparmor rules

Andreas Hasenack andreas at canonical.com
Tue Aug 20 12:44:23 UTC 2019 

eoan will have mysql-8 soon, so I installed it from proposed to verify.
These are the DENIED messages I got right after installation:
[  580.067210] audit: type=1400 audit(1566304971.013:90): apparmor="DENIED" operation="open" profile="/usr/sbin/mysqld" name="/sys/devices/system/node/" pid=8427 comm="mysqld" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
[  580.068837] audit: type=1400 audit(1566304971.017:91): apparmor="DENIED" operation="capable" profile="/usr/sbin/mysqld" pid=8427 comm="mysqld" capability=2  capname="dac_read_search"
[  580.088987] audit: type=1107 audit(1566304971.037:92): pid=688 uid=103 auid=4294967295 ses=4294967295 msg='apparmor="DENIED" operation="dbus_method_call"  bus="system" path="/org/freedesktop/systemd1" interface="org.freedesktop.systemd1.Manager" member="GetDynamicUsers" mask="send" name="org.freedesktop.systemd1" pid=8427 label="/usr/sbin/mysqld" peer_pid=1 peer_label="unconfined"
                exe="/usr/bin/dbus-daemon" sauid=103 hostname=? addr=? terminal=?'
[  580.091224] audit: type=1400 audit(1566304971.037:93): apparmor="DENIED" operation="open" profile="/usr/sbin/mysqld" name="/etc/ssl/openssl.cnf" pid=8427 comm="mysqld" requested_mask="r" denied_mask="r" fsuid=110 ouid=0
[  580.104218] audit: type=1400 audit(1566304971.053:94): apparmor="DENIED" operation="open" profile="/usr/sbin/mysqld" name="/sys/devices/system/node/" pid=8428 comm="mysqld" requested_mask="r" denied_mask="r" fsuid=110 ouid=0
[  580.347414] audit: type=1400 audit(1566304971.293:95): apparmor="DENIED" operation="open" profile="/usr/sbin/mysqld" name="/etc/ssl/openssl.cnf" pid=8428 comm="mysqld" requested_mask="r" denied_mask="r" fsuid=110 ouid=0
[  580.861280] audit: type=1400 audit(1566304971.809:96): apparmor="DENIED" operation="mknod" profile="/usr/sbin/mysqld" name="/run/mysqld/mysqlx.sock.lock" pid=8428 comm="mysqld" requested_mask="c" denied_mask="c" fsuid=110 ouid=110


** Also affects: mysql-8.0 (Ubuntu)
   Importance: Undecided
       Status: New

** Changed in: mysql-8.0 (Ubuntu)
       Status: New => Triaged

** Changed in: mysql-8.0 (Ubuntu)
   Importance: Undecided => Medium

** Tags added: server-next

-- 
You received this bug notification because you are a member of Ubuntu
Server, which is subscribed to mysql-5.7 in Ubuntu.
Matching subscriptions: main
https://bugs.launchpad.net/bugs/1658233

Title:
  missing apparmor rules

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/mysql-5.7/+bug/1658233/+subscriptions

More information about the Ubuntu-server-bugs mailing list