AppArmor permission problem on Ubuntu Lucid

Bug #616136 reported by Cafuego on 2010-08-10
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
MariaDB
Fix Released
Undecided
Kristian Nielsen
OurDelta
Undecided
Cafuego

Bug Description

The MariaDB 5.1.49 server wants read access to /sys/devices/system/cpu/ , but access to this directory is denied by its apparmor profile. This leads to entries in syslog, such as:

Aug 11 09:25:30 cachaca kernel: [1466836.273692] type=1503 audit(1281482730.279:83): operation="open" pid=1807 parent=1806 profile="/usr/sbin/mysqld" requested_mask="r::" denied_mask="r::" fsuid=0 ouid=0 name="/sys/devices/system/cpu/"

I first noticed this when the server started using 100% of one CPU core and I checked the logs in response. However, I've not been able to replicate that behaviour, so that may have been unrelated.

The problem can be resolved by adding the following line to /etc/apparmor.d/usr.sbin.mysqld:

/sys/devices/system/cpu/ r,

Related branches

Cafuego (cafuego) on 2010-08-10
description: updated
affects: ourdelta → maria
Cafuego (cafuego) on 2010-08-10
affects: maria → ourdelta
Changed in ourdelta:
assignee: nobody → Cafuego (cafuego)
Cafuego (cafuego) on 2010-08-12
description: updated
Changed in ourdelta:
status: New → Fix Committed
Changed in maria:
assignee: nobody → Kristian Nielsen (knielsen)
Changed in maria:
milestone: none → 5.1
Colin Charles (ccharles) on 2011-11-13
tags: added: packaging
Kristian Nielsen (knielsen) wrote :

I'm not sure if this is a problem (still) in mariadb or not ...
However, the default apparmor profile has been removed from MariaDB .deb packages, which will remove
any such issues.
This will be in 5.1.56, 5.2.10, 5.3.3, and 5.5.x.

Changed in maria:
status: New → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers