missing apparmor rules
Bug #1658233 reported by
Kees Cook
This bug affects 21 people
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
mysql-5.7 (Ubuntu) |
Fix Released
|
Low
|
Robie Basak | ||
mysql-8.0 (Ubuntu) |
Fix Released
|
Medium
|
Robie Basak |
Bug Description
Missing from apparmor rules:
/sys/
/sys/
tags: | added: bionic xenial |
Changed in mysql-8.0 (Ubuntu): | |
assignee: | nobody → Robie Basak (racb) |
Changed in mysql-5.7 (Ubuntu): | |
assignee: | nobody → Christian Ehrhardt (paelzer) |
assignee: | Christian Ehrhardt (paelzer) → Robie Basak (racb) |
tags: | added: bitesize |
To post a comment you must log in.
Hi,
thank you for your report and your help to make Ubuntu better!
We build with libnuma-dev which should auto-enable https:/ /bugs.mysql. com/bug. php?id= 72811.
Might I ask you to describe what effect you see by this missing (other than the Denie in the log) - just to help rating the importance and urgency.
If you happen to brute force it disabled (not recommended in the long run) via d/usr.sbin. mysqld /etc/apparmor. d/disable/ d/usr.sbin. mysqld
ln -s /etc/apparmor.
apparmor_parser -R /etc/apparmor.
Does it give you any extra capability/feature that was missing before?
The reason I ask is that there are quite often non-fatal denies like that which e.g. do not need an SRU. While at other times they almost disables a feature like it could do to numa in this case.