Mysql 5.7 mysql.pid Apparmor Denial

Bug #1825246 reported by Gold Star on 2019-04-17
This bug affects 1 person
Affects: mysql-5.7 (Ubuntu)
Importance: Undecided
Assigned to: Unassigned

Bug Description

On Ubuntu 16.04.6 LTS, after apt purge mysql-server* then apt install mysql-server the installation fails because the AppArmor profile is incomplete. Booting with kernel command line parameter apparmor=0 allows successful install.

Running aa-logprof shows that the pid file is not in the profile based on the following output:

Profile: /usr/sbin/mysqld
Path: /run/mysqld/mysql.pid
Mode: rw
Severity: unknown

 [1 - /run/mysqld/mysql.pid]
[(A)llow] / (D)eny / (I)gnore / (G)lob / Glob with (E)xtension / (N)ew / Abo(r)t / (F)inish / (M)ore
Adding /run/mysqld/mysql.pid rw to profile

Debugging info:

cat /etc/issue

Ubuntu 16.04.6 LTS \n \l

---

apt-cache policy mysql-server*

mysql-server-5.0:
  Installed: (none)
  Candidate: (none)
  Version table:
mysql-server-5.1:
  Installed: (none)
  Candidate: (none)
  Version table:
mysql-server-5.5:
  Installed: (none)
  Candidate: (none)
  Version table:
mysql-server-5.6:
  Installed: (none)
  Candidate: (none)
  Version table:
mysql-server-5.7:
  Installed: 5.7.25-0ubuntu0.16.04.2
  Candidate: 5.7.25-0ubuntu0.16.04.2
  Version table:
 *** 5.7.25-0ubuntu0.16.04.2 500
        500 http://us.archive.ubuntu.com/ubuntu xenial-updates/main amd64 Packages
        500 http://security.ubuntu.com/ubuntu xenial-security/main amd64 Packages
        100 /var/lib/dpkg/status
     5.7.11-0ubuntu6 500
        500 http://us.archive.ubuntu.com/ubuntu xenial/main amd64 Packages
mysql-server:
  Installed: 5.7.25-0ubuntu0.16.04.2
  Candidate: 5.7.25-0ubuntu0.16.04.2
  Version table:
 *** 5.7.25-0ubuntu0.16.04.2 500
        500 http://us.archive.ubuntu.com/ubuntu xenial-updates/main amd64 Packages
        500 http://us.archive.ubuntu.com/ubuntu xenial-updates/main i386 Packages
        500 http://security.ubuntu.com/ubuntu xenial-security/main amd64 Packages
        500 http://security.ubuntu.com/ubuntu xenial-security/main i386 Packages
        100 /var/lib/dpkg/status
     5.7.11-0ubuntu6 500
        500 http://us.archive.ubuntu.com/ubuntu xenial/main amd64 Packages
        500 http://us.archive.ubuntu.com/ubuntu xenial/main i386 Packages
mysql-server-core-5.1:
  Installed: (none)
  Candidate: (none)
  Version table:
mysql-server-core-5.5:
  Installed: (none)
  Candidate: (none)
  Version table:
mysql-server-core-5.6:
  Installed: (none)
  Candidate: (none)
  Version table:
mysql-server-core-5.7:
  Installed: 5.7.25-0ubuntu0.16.04.2
  Candidate: 5.7.25-0ubuntu0.16.04.2
  Version table:
 *** 5.7.25-0ubuntu0.16.04.2 500
        500 http://us.archive.ubuntu.com/ubuntu xenial-updates/main amd64 Packages
        500 http://security.ubuntu.com/ubuntu xenial-security/main amd64 Packages
        100 /var/lib/dpkg/status
     5.7.11-0ubuntu6 500
        500 http://us.archive.ubuntu.com/ubuntu xenial/main amd64 Packages

** This system was upgraded from 14.04 using do-upgrade-release **

Gold Star (goldstar611) wrote :

In the package of http://archive.ubuntu.com/ubuntu/pool/main/m/mysql-5.7/mysql-5.7_5.7.25.orig.tar.gz

file
./packaging/deb-in/extra/apparmor-profile

The following pids are listed but not mysql.pid

# Allow pid, socket, socket lock file access
  /var/run/mysqld/mysqld.pid rw,
  /var/run/mysqld/mysqld.sock rw,
  /var/run/mysqld/mysqld.sock.lock rw,
  /run/mysqld/mysqld.pid rw,
  /run/mysqld/mysqld.sock rw,
  /run/mysqld/mysqld.sock.lock rw,

tags: added: server-triage-discuss

Gold Star (goldstar611) wrote :

I tried to reproduce this from an upgrade of Ubuntu Server 14.04.6 -> 16.04 and it did not reproduce. I can get more information on the problematic system via VMware snapshots I have saved.

Gold Star (goldstar611) wrote :

This issue can be closed. This system was modified at some point with no notice in the configuration file.

I pulled the deb package from /var/cache/apt, extracted the data.tar.gz and inspected my.cnf

---

Additional debugging used to verify:

user@hostname:~$ apt-cache policy mysql-server*
mysql-server-core-5.0:
  Installed: (none)
  Candidate: (none)
  Version table:
mysql-server-core-5.1:
  Installed: (none)
  Candidate: (none)
  Version table:
mysql-server-core-5.5:
  Installed: 5.5.62-0ubuntu0.14.04.1
  Candidate: 5.5.62-0ubuntu0.14.04.1
  Version table:
 *** 5.5.62-0ubuntu0.14.04.1 0
        500 http://us.archive.ubuntu.com/ubuntu/ trusty-updates/main amd64 Packages
        500 http://security.ubuntu.com/ubuntu/ trusty-security/main amd64 Packages
        100 /var/lib/dpkg/status
     5.5.35+dfsg-1ubuntu1 0
        500 http://us.archive.ubuntu.com/ubuntu/ trusty/main amd64 Packages
mysql-server-core-5.6:
  Installed: (none)
  Candidate: 5.6.33-0ubuntu0.14.04.1
  Version table:
     5.6.33-0ubuntu0.14.04.1 0
        500 http://us.archive.ubuntu.com/ubuntu/ trusty-updates/universe amd64 Packages
        500 http://security.ubuntu.com/ubuntu/ trusty-security/universe amd64 Packages
     5.6.16-1~exp1 0
        500 http://us.archive.ubuntu.com/ubuntu/ trusty/universe amd64 Packages
mysql-server-5.0:
  Installed: (none)
  Candidate: (none)
  Version table:
mysql-server-5.1:
  Installed: (none)
  Candidate: (none)
  Version table:
mysql-server-5.5:
  Installed: (none)
  Candidate: 5.5.62-0ubuntu0.14.04.1
  Version table:
     5.5.62-0ubuntu0.14.04.1 0
        500 http://us.archive.ubuntu.com/ubuntu/ trusty-updates/main amd64 Packages
        500 http://security.ubuntu.com/ubuntu/ trusty-security/main amd64 Packages
        100 /var/lib/dpkg/status
     5.5.35+dfsg-1ubuntu1 0
        500 http://us.archive.ubuntu.com/ubuntu/ trusty/main amd64 Packages
mysql-server-5.6:
  Installed: (none)
  Candidate: 5.6.33-0ubuntu0.14.04.1
  Version table:
     5.6.33-0ubuntu0.14.04.1 0
        500 http://us.archive.ubuntu.com/ubuntu/ trusty-updates/universe amd64 Packages
        500 http://security.ubuntu.com/ubuntu/ trusty-security/universe amd64 Packages
     5.6.16-1~exp1 0
        500 http://us.archive.ubuntu.com/ubuntu/ trusty/universe amd64 Packages
virtual-mysql-server-core:
  Installed: (none)
  Candidate: (none)
  Version table:
mysql-server:
  Installed: (none)
  Candidate: 5.5.62-0ubuntu0.14.04.1
  Version table:
     5.5.62-0ubuntu0.14.04.1 0
        500 http://us.archive.ubuntu.com/ubuntu/ trusty-updates/main amd64 Packages
        500 http://security.ubuntu.com/ubuntu/ trusty-security/main amd64 Packages
     5.5.35+dfsg-1ubuntu1 0
        500 http://us.archive.ubuntu.com/ubuntu/ trusty/main amd64 Packages
mysql-server-core:
  Installed: (none)
  Candidate: (none)
  Version table:
virtual-mysql-server:
  Installed: (none)
  Candidate: (none)
  Version table:

user@hostname:~$ ls /var/run/mysqld/
mysqld.sock mysql.pid

user@hostname:/etc/mysql$ sudo grep -R "mysql.pid" .
./my.cnf:pid-file = /var/run/mysqld/mysql.pid

user@hostname:/etc/mysql$ dpkg -S /etc/mysql/my.cnf
mysql-common: /etc/mysql/my.cnf

user@hostname:/et...
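
The mismatch found in this comment (my.cnf pointing pid-file at mysql.pid while the packaged profile only allows mysqld.pid) can be checked for before a reinstall. The Python below is an added example, not part of the bug report or the mysql-5.7 package; the function names are hypothetical and the sample profile and my.cnf text are constructed from the lines quoted on this page.

```python
import re

# Constructed samples: rules as quoted from the packaged profile, and a
# my.cnf carrying the locally modified pid-file value found in this report.
PROFILE = """\
/usr/sbin/mysqld {
  /var/run/mysqld/mysqld.pid rw,
  /run/mysqld/mysqld.pid rw,
  /run/mysqld/mysqld.sock rw,
  /run/mysqld/mysqld.sock.lock rw,
}
"""
MY_CNF = """\
[mysqld]
pid-file = /var/run/mysqld/mysql.pid
socket = /var/run/mysqld/mysqld.sock
"""

def glob_to_regex(glob):
    """AppArmor globs: '*' and '?' stop at '/', '**' crosses it ({} and [] not handled)."""
    table = {"**": ".*", "*": "[^/]*", "?": "[^/]"}
    parts = re.split(r"(\*\*|\*|\?)", glob)
    return re.compile("".join(table.get(p, re.escape(p)) for p in parts) + r"\Z")

def writable_rules(profile_text):
    """Compile plain 'path perms,' rules that grant 'w' (owner/deny prefixes are skipped)."""
    rules = []
    for line in profile_text.splitlines():
        m = re.match(r"\s*(/\S+)\s+([a-z]+),\s*$", line)
        if m and "w" in m.group(2):
            rules.append(glob_to_regex(m.group(1)))
    return rules

def configured_paths(cnf_text):
    """(option, path) pairs for pid-file and socket; MySQL accepts '_' for '-' in option names."""
    found = []
    for line in cnf_text.splitlines():
        m = re.match(r"\s*([\w-]+)\s*=\s*(\S+)", line)
        if m and m.group(1).replace("_", "-") in ("pid-file", "socket"):
            found.append((m.group(1).replace("_", "-"), m.group(2)))
    return list(dict.fromkeys(found))

def uncovered(cnf_text, profile_text):
    """Configured paths that no writable profile rule matches."""
    rules = writable_rules(profile_text)
    # /var/run is a symlink to /run on Ubuntu 16.04; the denial above names the /run path.
    resolved = [(k, re.sub(r"^/var/run/", "/run/", p)) for k, p in configured_paths(cnf_text)]
    return [(k, p) for k, p in resolved if not any(r.match(p) for r in rules)]

if __name__ == "__main__":
    print(uncovered(MY_CNF, PROFILE))
```

An empty result means every configured pid-file and socket path is writable under the profile; anything listed would produce the kind of denial that aa-logprof reported here.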


Paride Legovini (legovini) wrote :

I'm marking this as Invalid as it seems to be the conclusion you came to; if this is not the case feel free to set the status back to New and reopen the discussion. Thanks for taking the time to file the report.

Changed in mysql-5.7 (Ubuntu):
status: New → Invalid