Ubuntu
mysql-dfsg-5.1 package

[lucid] MySQL fails to install db (mysql_install_db) in specified directory due to AppArmor

Bug #597490 reported by Andres Rodriguez
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
mysql-dfsg-5.1 (Ubuntu)
Triaged
Wishlist
Unassigned

Bug Description

Release: Lucid
Version: 5.1.41-3ubuntu12.3

When issuing mysql_install_db --datadir=/<any>/<other>/<dir>, MySQL fails to install the DB, providing the following message:

mysql1# mysql_install_db --datadir=/mnt/prueba
Installing MySQL system tables...
100622 19:30:30 [Warning] Can't create test file /mnt/prueba/alice.lower-test
100622 19:30:30 [Warning] Can't create test file /mnt/prueba/alice.lower-test

Installation of system tables failed! Examine the logs in
/mnt/prueba for more information.

You can try to start the mysqld daemon with:

    shell> /usr/sbin/mysqld --skip-grant &

and use the command line tool /usr/bin/mysql
to connect to the mysql database and look at the grant tables:

    shell> /usr/bin/mysql -u root mysql
    mysql> show tables

Try 'mysqld --help' if you have problems with paths. Using --log
gives you a log in /mnt/prueba that may be helpful.

The latest information about MySQL is available on the web at
http://www.mysql.com/. Please consult the MySQL manual section
'Problems running mysql_install_db', and the manual section that
describes problems on your OS. Another information source are the
MySQL email archives available at http://lists.mysql.com/.

Please check all of the above before mailing us! And remember, if
you do mail us, you MUST use the /usr/scripts/mysqlbug script!

The Issue is related to AppArmor, given that when it is disable, MySQL doesn't fail to install. Now, given the issue, the message should contain hints specifying that AppArmor is enabled and needs to be disabled, or the profile needs to be changed to support the new isntallation directory.

Jamie Strandboge (jdstrand)
tags: added: apparmor
Revision history for this message
Serge Hallyn (serge-hallyn) wrote :

You'll need to add a rule in /etc/apparmor.d/usr.sbin.mysqld to allow mysqld
access to your chosen datadir. Something like

/opt/mysqld/** rwk,

underneath the line:

/var/lib/mysqld/* rwk,

Revision history for this message
Serge Hallyn (serge-hallyn) wrote :

Please see https://wiki.ubuntu.com/AppArmor for more information.

Changed in mysql-dfsg-5.1 (Ubuntu):
status: New → Confirmed
Revision history for this message
Jamie Strandboge (jdstrand) wrote :

As Serge mentioned, you have chosen a datadir that is site-specific, uncommon and different from the default on Ubuntu. You can configure AppArmor for your environment in the /etc/apparmor.d/usr.sbin.mysqld profile. Feel free to see https://wiki.ubuntu.com/DebuggingAppArmor for more information.

Changed in mysql-dfsg-5.1 (Ubuntu):
status: Confirmed → Won't Fix
Revision history for this message
Andres Rodriguez (andreserl) wrote :

Hi guys,

I do know why is the error and what to do for the fix it. However, the reason why I filed the Bug is because there should be a message or any hint saying that the installation failed and it might be because of AppArmor. This was discussed with Jos as follows:

19:36 < jiboumans_> RoAkSoAx: at the very least, the error should say something about 'not allowed because of apparmor settings in $file' or something
19:37 < jiboumans_> RoAkSoAx: LP bug it :)

If you guys think that's something that should not be this way, please close the bug again since I'm reopening.

Thanks.

Changed in mysql-dfsg-5.1 (Ubuntu):
status: Won't Fix → New
importance: Undecided → Low
importance: Low → Undecided
Revision history for this message
Serge Hallyn (serge-hallyn) wrote :

Seems like mysqld would need to hook into the audit system. It could
then detect access failures due to either selinux or apparmor.

This however seems like a large upstream endeavor.

Chuck Short (zulcss)
Changed in mysql-dfsg-5.1 (Ubuntu):
importance: Undecided → Wishlist
status: New → Triaged
Jamie Strandboge (jdstrand)
tags: removed: apparmor
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.