OK, here it is
1. sudo apt-get install mariadb-server
2. /usr/sbin/mysqld {
}
3. systemctl reload apparmor
4. systemctl start mysql
5. sudo aa-logprof
Reading log entries from /var/log/syslog.
Updating AppArmor profiles in /etc/apparmor.d.
Enforce-mode changes:
Profile: /usr/sbin/mysqld
Path: /etc/ld.so.cache
Mode: r
Severity: 1
1 - #include <abstractions/base>
2 - #include <abstractions/evince>
3 - #include <abstractions/gnome>
4 - #include <abstractions/kde>
5 - #include <abstractions/lightdm>
6 - #include <abstractions/ubuntu-browsers.d/firefox>
7 - #include <abstractions/ubuntu-browsers.d/kde>
8 - #include <abstractions/ubuntu-browsers.d/mailto>
9 - #include <abstractions/ubuntu-gnome-terminal>
10 - #include <abstractions/ubuntu-konsole>
11 - #include <abstractions/ubuntu-unity7-base>
[12 - /etc/ld.so.cache]
(A)llow / [(D)eny] / (I)gnore / (G)lob / Glob with (E)xtension / (N)ew /
Abo(r)t / (F)inish / (M)ore
Profile: /usr/sbin/mysqld
Path: /etc/ld.so.cache
Mode: r
Severity: 1
[1 - #include <abstractions/base>]
2 - #include <abstractions/evince>
3 - #include <abstractions/gnome>
4 - #include <abstractions/kde>
5 - #include <abstractions/lightdm>
6 - #include <abstractions/ubuntu-browsers.d/firefox>
7 - #include <abstractions/ubuntu-browsers.d/kde>
8 - #include <abstractions/ubuntu-browsers.d/mailto>
9 - #include <abstractions/ubuntu-gnome-terminal>
10 - #include <abstractions/ubuntu-konsole>
11 - #include <abstractions/ubuntu-unity7-base>
12 - /etc/ld.so.cache
(A)llow / [(D)eny] / (I)gnore / (G)lob / Glob with (E)xtension / (N)ew /
Abo(r)t / (F)inish / (M)ore
Adding #include <abstractions/base> to profile.
= Changed Local Profiles =
The following local profiles were changed. Would you like to save them?
[1 - /usr/sbin/mysqld]
(S)ave Changes / Save Selec(t)ed Profile / [(V)iew Changes] / View Changes b/w
(C)lean profiles / Abo(r)t
Writing updated profile for /usr/sbin/mysqld.
6.
sudo systemctl reload apparmor
Job for apparmor.service failed because the control process exited with error
code. See "systemctl status apparmor.service" and "journalctl -xe" for details.
cat usr.sbin.mysqld
# Last Modified: Sun Oct 2 18:04:36 2016
# This file is intensionally empty to disable apparmor by default for newer
# versions of MariaDB, while providing seamless upgrade from older versions
# and from mysql, where apparmor is used.
#
# By default, we do not want to have any apparmor profile for the MariaDB
# server. It does not provide much useful functionality/security, and causes
# several problems for users who often are not even aware that apparmor
# exists and runs on their system.
#
# Users can modify and maintain their own profile, and in this case it will
# be used.
#
# When upgrading from previous version, users who modified the profile
# will be promptet to keep or discard it, while for default installs
# we will automatically disable the profile.
/usr/sbin/mysqld {
#include <abstractions/base>
}
If
>In theory, the tunables/global include should always be added
it is not added by aa-logprof...
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1629203
Title:
aa-logprof does not include #include <tunables/global> in profiles
Status in apparmor package in Ubuntu:
New
Bug description:
Ubuntu 16.04, fresh profile,
systemctl reload apparmor
says errors:
сен 30 11:24:33 inetgw1 apparmor[13771]: Found reference to variable PROC,
but is never declared
This is because there is no #include <tunables/global>
in profile.
Question here is- why? Why aa-logprof did not add it while adding
includes?
Thank you!
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1629203/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
