Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Ubuntu packages don't seem to disable mysqld AppArmor profile properly #367

Open
ayurchen opened this issue May 1, 2020 · 0 comments
Open

Ubuntu packages don't seem to disable mysqld AppArmor profile properly #367

ayurchen opened this issue May 1, 2020 · 0 comments
Assignees
@aglarendil @temeo
Labels
5.6-v25 5.7-v25 8.0-v26 packaging

Comments

@ayurchen
Copy link
Member

ayurchen commented May 1, 2020

As per instructions at https://help.ubuntu.com/community/AppArmor, in order to disable profile, after it's been linked to /etc/apparmor.d/disable/ one also need to run

apparmor_parser -R /etc/apparmor.d/profile.name

What we seem to have in DEBIAN/postinstis

                if aa-status --enabled 2>/dev/null; then
                        apparmor_parser -r -T -W /etc/apparmor.d/usr.sbin.mysqld 2>/dev/null || true
                fi

which apparently is not enough (maybe it is not invoked, may be it is the difference in command line options) and host reboot is needed (EC2, official Ubuntu 1804 image) to actually disable the profile. Running apparmor_parser -R solves the issue.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@aglarendil aglarendil

@temeo temeo

Labels
5.6-v25 5.7-v25 8.0-v26 packaging
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@aglarendil @ayurchen @temeo