AppArmor prevents mysqld from working in Digikam's internal-server MySQL mode

Bug #735949 reported by Adam Porter on 2011-03-16
10
This bug affects 1 person
Affects Status Importance Assigned to Milestone
digikam (Ubuntu)
Medium
Unassigned

Bug Description

Binary package hint: apparmor

I was trying to test Digikam's database migration to the "internal server" MySQL mode. It failed every time and I couldn't figure out why. Later I was looking in the kernel logs for another reason and saw these lines:

Mar 15 22:40:17 kubbie kernel: [66325.677327] type=1400 audit(1300246816.762:35715): apparmor="DENIED" operation="open" parent=11367 profile="/usr/sbin/mysqld" n
ame="/sys/devices/system/cpu/" pid=11406 comm="mysqld" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
Mar 15 22:40:17 kubbie kernel: [66325.768133] type=1400 audit(1300246816.854:35716): apparmor="DENIED" operation="open" parent=11367 profile="/usr/sbin/mysqld" name="/home/me/.kde/share/apps/digikam/mysql.conf" pid=11406 comm="mysqld" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000
Mar 15 22:40:18 kubbie kernel: [66326.610800] type=1400 audit(1300246817.694:35717): apparmor="DENIED" operation="mknod" parent=11367 profile="/usr/sbin/mysqld" name="/home/me/.kde/share/apps/digikam/db_data/kubbie.lower-test" pid=11406 comm="mysqld" requested_mask="c" denied_mask="c" fsuid=1000 ouid=1000
Mar 15 22:40:18 kubbie kernel: [66326.610865] type=1400 audit(1300246817.694:35718): apparmor="DENIED" operation="mknod" parent=11367 profile="/usr/sbin/mysqld" name="/home/me/.kde/share/apps/digikam/db_data/kubbie.lower-test" pid=11406 comm="mysqld" requested_mask="c" denied_mask="c" fsuid=1000 ouid=1000
Mar 15 22:40:19 kubbie kernel: [66328.836977] type=1400 audit(1300246819.922:35719): apparmor="DENIED" operation="mknod" parent=11367 profile="/usr/sbin/mysqld" name="/home/me/.kde/share/apps/digikam/db_data/ibdata1" pid=11406 comm="mysqld" requested_mask="c" denied_mask="c" fsuid=1000 ouid=1000

I'm not sure if this should be reported against apparmor, mysql-server, or digikam.

ProblemType: Bug
DistroRelease: Ubuntu 10.10
Package: apparmor 2.5.1-0ubuntu0.10.10.4 [modified: sbin/apparmor_parser]
ProcVersionSignature: Ubuntu 2.6.35-27.48-generic 2.6.35.11
Uname: Linux 2.6.35-27-generic i686
NonfreeKernelModules: nvidia
Architecture: i386
Date: Wed Mar 16 02:55:38 2011
ProcEnviron:
 LANGUAGE=
 PATH=(custom, user)
 LANG=en_US.UTF-8
 SHELL=/bin/bash
ProcKernelCmdline: BOOT_IMAGE=/vmlinuz-2.6.35-27-generic root=/dev/mapper/vg-root ro quiet splash
SourcePackage: apparmor

Adam Porter (alphapapa) wrote :
Jamie Strandboge (jdstrand) wrote :

Thank you for using Ubuntu and reporting a bug. The digikam packaging should be updated like akonadi's to use a wrapper script and separate apparmor profile.

affects: apparmor (Ubuntu) → digikam (Ubuntu)
Changed in digikam (Ubuntu):
importance: Undecided → Medium
status: New → Triaged
Felix Geyer (debfx) on 2011-03-16
Changed in digikam (Ubuntu):
assignee: nobody → Felix Geyer (debfx)
status: Triaged → In Progress
Felix Geyer (debfx) on 2011-03-17
Changed in digikam (Ubuntu):
assignee: Felix Geyer (debfx) → nobody
status: In Progress → Fix Committed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package digikam - 2:1.9.0-1ubuntu1

---------------
digikam (2:1.9.0-1ubuntu1) natty; urgency=low

  * Merge with debian, remaining changes
    - Export .pot name and copy to plugins in debian/rules
  * Add an AppArmor profile for the local mysql server. (LP: #735949)
    - Use a wrapper script for mysqld.
    - Add kubuntu_01_mysqld_executable_name.diff so digikam uses the
      wrapper script instead of directly running mysqld.
  * Make digikam suggest libqt4-sql-mysql and mysql-server-core-5.1.

digikam (2:1.9.0-1) experimental; urgency=low

  * New upstream release
    - Requires packages from http://qt-kde.debian.net/
 -- Felix Geyer <email address hidden> Thu, 17 Mar 2011 11:21:31 +0100

Changed in digikam (Ubuntu):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers