mysql apparmor profile forbids raising max open files limit

Reported by Andi Hechtbauer on 2008-12-09
This bug affects 2 people
Affects Status Importance Assigned to Milestone
mysql-dfsg-5.0 (Ubuntu)
Jamie Strandboge
Jamie Strandboge

Bug Description

Binary package hint: mysql-server-5.0

Mysql Server 5.0.51a-3ubuntu5.4 / Ubuntu 8.04, when apparmor is active and in enforcement mode (default).

Some settings in /etc/mysql/my.cnf won't have any effect. E.g. setting the table_cache to something above 1024 will silently fall back to 64, since "capability sys_resource," is missing from /etc/apparmor.d/usr.sbin.mysqld

something like audit(1228474870.984:3): type=1503 operation="capable" name="sys_resource" pid=26842 profile="/usr/sbin/mysqld" namespace="default"
will appear in the syslog.

Pavel Zheltouhov (pwlnw) wrote :

This bug affects me too and all mass hosting servers with thousands of user tables.
Please, add this string to apparmor profile.

Arjen Lentz (arjen-lentz) wrote :

Apparmor was discontinued, right?

Pavel Zheltouhov (pwlnw) wrote :

Maybe discontinued, but package still available and if user install apparmor, mysql will work poorly.
By default, apparmor installed in Hardy and Interpid. Don't know how about new Janty.

Jamie Strandboge (jdstrand) wrote :

Apparmor is not discontinued. It is being actively developed, is close to being in the upstream kernel and is supported by Ubuntu.

Changed in mysql-dfsg-5.0 (Ubuntu Hardy):
status: New → Confirmed
Changed in mysql-dfsg-5.0 (Ubuntu Intrepid):
status: New → Confirmed
Changed in mysql-dfsg-5.0 (Ubuntu Jaunty):
status: New → Confirmed
Changed in mysql-dfsg-5.0:
assignee: nobody → jdstrand
status: Confirmed → Fix Committed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package mysql-dfsg-5.0 - 5.1.30really5.0.75-0ubuntu8

mysql-dfsg-5.0 (5.1.30really5.0.75-0ubuntu8) jaunty; urgency=low

  * debian/apparmor-profile: add 'capability sys_resource' so that
    settings in /etc/mysql/my.cnf will work properly (LP: #306541)

 -- Jamie Strandboge <email address hidden> Tue, 17 Mar 2009 18:04:05 -0500

Changed in mysql-dfsg-5.0:
status: Fix Committed → Fix Released
Chuck Short (zulcss) wrote :

Since Intrepid has reached EOL I am going to close this SRU request.


Changed in mysql-dfsg-5.0 (Ubuntu Intrepid):
status: Confirmed → Won't Fix
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers