Ubuntu
mysql-5.7 package

Mysql 5.7 mysql.pid Apparmor Denial

Bug #1825246 reported by Gold Star
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
mysql-5.7 (Ubuntu)
Invalid
Undecided
Unassigned

Bug Description

On Ubuntu 16.04.6 LTS, after apt purge mysql-server* then apt install mysql-server the intallation fails because the AppArmor profile is incomplete. Booting with kernel command line parameter apparmor=0 allows successful install.

Running aa-logprof shows that the pid file is not in the profile based on the following output:

Profile: /usr/sbin/mysqld
Path: /run/mysqld/mysql.pid
Mode: rw
Severity: unknown

 [1 - /run/mysqld/mysql.pid]
[(A)llow] / (D)eny / (I)gnore / (G)lob / Glob with (E)xtension / (N)ew / Abo(r)t / (F)inish / (M)ore
Adding /run/mysqld/mysql.pid rw to profile

Debugging info:

cat /etc/issue

Ubuntu 16.04.6 LTS \n \l

---

apt-cache policy mysql-server*

mysql-server-5.0:
  Installed: (none)
  Candidate: (none)
  Version table:
mysql-server-5.1:
  Installed: (none)
  Candidate: (none)
  Version table:
mysql-server-5.5:
  Installed: (none)
  Candidate: (none)
  Version table:
mysql-server-5.6:
  Installed: (none)
  Candidate: (none)
  Version table:
mysql-server-5.7:
  Installed: 5.7.25-0ubuntu0.16.04.2
  Candidate: 5.7.25-0ubuntu0.16.04.2
  Version table:
 *** 5.7.25-0ubuntu0.16.04.2 500
        500 http://us.archive.ubuntu.com/ubuntu xenial-updates/main amd64 Packages
        500 http://security.ubuntu.com/ubuntu xenial-security/main amd64 Packages
        100 /var/lib/dpkg/status
     5.7.11-0ubuntu6 500
        500 http://us.archive.ubuntu.com/ubuntu xenial/main amd64 Packages
mysql-server:
  Installed: 5.7.25-0ubuntu0.16.04.2
  Candidate: 5.7.25-0ubuntu0.16.04.2
  Version table:
 *** 5.7.25-0ubuntu0.16.04.2 500
        500 http://us.archive.ubuntu.com/ubuntu xenial-updates/main amd64 Packages
        500 http://us.archive.ubuntu.com/ubuntu xenial-updates/main i386 Packages
        500 http://security.ubuntu.com/ubuntu xenial-security/main amd64 Packages
        500 http://security.ubuntu.com/ubuntu xenial-security/main i386 Packages
        100 /var/lib/dpkg/status
     5.7.11-0ubuntu6 500
        500 http://us.archive.ubuntu.com/ubuntu xenial/main amd64 Packages
        500 http://us.archive.ubuntu.com/ubuntu xenial/main i386 Packages
mysql-server-core-5.1:
  Installed: (none)
  Candidate: (none)
  Version table:
mysql-server-core-5.5:
  Installed: (none)
  Candidate: (none)
  Version table:
mysql-server-core-5.6:
  Installed: (none)
  Candidate: (none)
  Version table:
mysql-server-core-5.7:
  Installed: 5.7.25-0ubuntu0.16.04.2
  Candidate: 5.7.25-0ubuntu0.16.04.2
  Version table:
 *** 5.7.25-0ubuntu0.16.04.2 500
        500 http://us.archive.ubuntu.com/ubuntu xenial-updates/main amd64 Packages
        500 http://security.ubuntu.com/ubuntu xenial-security/main amd64 Packages
        100 /var/lib/dpkg/status
     5.7.11-0ubuntu6 500
        500 http://us.archive.ubuntu.com/ubuntu xenial/main amd64 Packages

** This system was upgraded from 14.04 using do-upgrade-release **

Revision history for this message
Gold Star (goldstar611) wrote :

In the package of http://archive.ubuntu.com/ubuntu/pool/main/m/mysql-5.7/mysql-5.7_5.7.25.orig.tar.gz

file
./packaging/deb-in/extra/apparmor-profile

The following pids are listed but not mysql.pid

# Allow pid, socket, socket lock file access
  /var/run/mysqld/mysqld.pid rw,
  /var/run/mysqld/mysqld.sock rw,
  /var/run/mysqld/mysqld.sock.lock rw,
  /run/mysqld/mysqld.pid rw,
  /run/mysqld/mysqld.sock rw,
  /run/mysqld/mysqld.sock.lock rw,

Paride Legovini (paride)
tags: added: server-triage-discuss
Revision history for this message
Gold Star (goldstar611) wrote :

I tried to reproduce this from an upgrade of Ubuntu Server 14.04.6 -> 16.04 and it did not reproduce. I can get more information on the problematic system via VMWare snaphots I have saved

Revision history for this message
Gold Star (goldstar611) wrote :
Download full text (4.0 KiB)

This issue can be closed. This system was modified at some point with no notice in the configuration file.

I pulled the deb package from /var/cache/apt, extracted the data.tar.gz and inspected my.cnf

---

Additional debugging used to verify:

user@hostname:~$ apt-cache policy mysql-server*
mysql-server-core-5.0:
  Installed: (none)
  Candidate: (none)
  Version table:
mysql-server-core-5.1:
  Installed: (none)
  Candidate: (none)
  Version table:
mysql-server-core-5.5:
  Installed: 5.5.62-0ubuntu0.14.04.1
  Candidate: 5.5.62-0ubuntu0.14.04.1
  Version table:
 *** 5.5.62-0ubuntu0.14.04.1 0
        500 http://us.archive.ubuntu.com/ubuntu/ trusty-updates/main amd64 Packages
        500 http://security.ubuntu.com/ubuntu/ trusty-security/main amd64 Packages
        100 /var/lib/dpkg/status
     5.5.35+dfsg-1ubuntu1 0
        500 http://us.archive.ubuntu.com/ubuntu/ trusty/main amd64 Packages
mysql-server-core-5.6:
  Installed: (none)
  Candidate: 5.6.33-0ubuntu0.14.04.1
  Version table:
     5.6.33-0ubuntu0.14.04.1 0
        500 http://us.archive.ubuntu.com/ubuntu/ trusty-updates/universe amd64 Packages
        500 http://security.ubuntu.com/ubuntu/ trusty-security/universe amd64 Packages
     5.6.16-1~exp1 0
        500 http://us.archive.ubuntu.com/ubuntu/ trusty/universe amd64 Packages
mysql-server-5.0:
  Installed: (none)
  Candidate: (none)
  Version table:
mysql-server-5.1:
  Installed: (none)
  Candidate: (none)
  Version table:
mysql-server-5.5:
  Installed: (none)
  Candidate: 5.5.62-0ubuntu0.14.04.1
  Version table:
     5.5.62-0ubuntu0.14.04.1 0
        500 http://us.archive.ubuntu.com/ubuntu/ trusty-updates/main amd64 Packages
        500 http://security.ubuntu.com/ubuntu/ trusty-security/main amd64 Packages
        100 /var/lib/dpkg/status
     5.5.35+dfsg-1ubuntu1 0
        500 http://us.archive.ubuntu.com/ubuntu/ trusty/main amd64 Packages
mysql-server-5.6:
  Installed: (none)
  Candidate: 5.6.33-0ubuntu0.14.04.1
  Version table:
     5.6.33-0ubuntu0.14.04.1 0
        500 http://us.archive.ubuntu.com/ubuntu/ trusty-updates/universe amd64 Packages
        500 http://security.ubuntu.com/ubuntu/ trusty-security/universe amd64 Packages
     5.6.16-1~exp1 0
        500 http://us.archive.ubuntu.com/ubuntu/ trusty/universe amd64 Packages
virtual-mysql-server-core:
  Installed: (none)
  Candidate: (none)
  Version table:
mysql-server:
  Installed: (none)
  Candidate: 5.5.62-0ubuntu0.14.04.1
  Version table:
     5.5.62-0ubuntu0.14.04.1 0
        500 http://us.archive.ubuntu.com/ubuntu/ trusty-updates/main amd64 Packages
        500 http://security.ubuntu.com/ubuntu/ trusty-security/main amd64 Packages
     5.5.35+dfsg-1ubuntu1 0
        500 http://us.archive.ubuntu.com/ubuntu/ trusty/main amd64 Packages
mysql-server-core:
  Installed: (none)
  Candidate: (none)
  Version table:
virtual-mysql-server:
  Installed: (none)
  Candidate: (none)
  Version table:

user@hostname:~$ ls /var/run/mysqld/
mysqld.sock mysql.pid

user@hostname:/etc/mysql$ sudo grep -R "mysql.pid" .
./my.cnf:pid-file = /var/run/mysqld/mysql.pid

user@hostname:/etc/mysql$ dpkg -S /etc/mysql/my.cnf
mysql-common: /etc/mysql/my.cnf

user@hostname:/et...

Read more...

Revision history for this message
Paride Legovini (paride) wrote :

I'm marking this as Invalid as it seems to be the conclusion you came to; if this is not the case feel free to set the status back to New and reopen the discussion. Thanks for taking the time to file the report.

Changed in mysql-5.7 (Ubuntu):
status: New → Invalid
Robie Basak (racb)
tags: removed: server-triage-discuss
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.