mysql fails to load innodb plugin due to apparmor rejection.
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
mysql-5.1 (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
Lucid |
Invalid
|
Undecided
|
Unassigned | ||
mysql-dfsg-5.1 (Ubuntu) |
Invalid
|
Undecided
|
Unassigned | ||
Lucid |
Fix Released
|
Low
|
Unassigned |
Bug Description
== SRU Stuff ==
=== Impact ===
The HA innodb plugin can't be used, as the apparmor rules don't allow access to the plugin directory.
=== Regression potential ===
Minimal. When this rule was added in maverick, it went through a few iterations:
5.1.49-1ubuntu5, 5.1.49-1ubuntu6, and 5.1.49-1ubuntu7.
But it hasn't been changed since, so we can assume it isn't too problematic.
=== Test Case ===
Install mysql-server. Stop it.
Add the following to a [mysqld] block in my.cnf:
default-
ignore_
plugin-
Then mysql won't start, reporting in /var/log/
If it starts, we've solved the problem.
== Original Report ==
Attempting to run the mysql testsuite fails with the apparmor policy as shipped in maverick with the following rejection:
[72565.740926] type=1400 audit(128171317
The following needs to be added to the apparmor profile for mysqld:
/usr/
This also may be an issue on lucid, though I haven't built a version of mysql there with the fix for bug 617461 to reproduce it.
CVE References
Changed in mysql-dfsg-5.1 (Ubuntu): | |
status: | New → Invalid |
Changed in mysql-5.1 (Ubuntu Lucid): | |
status: | New → Invalid |
Changed in mysql-dfsg-5.1 (Ubuntu Lucid): | |
importance: | Undecided → Low |
description: | updated |
description: | updated |
This bug was fixed in the package mysql-5.1 - 5.1.49-1ubuntu5
---------------
mysql-5.1 (5.1.49-1ubuntu5) maverick; urgency=low
* New patch: 99_fix_ testsuite_ for_installed_ env.dpatch: fix apparmor- profile: add mmap access to mysql plugin location
mysql-testsuite to work with the installation location (LP: #617461)
* debian/
(LP: #617463)
-- Steve Beattie <email address hidden> Thu, 12 Aug 2010 15:44:46 -0700