Running a process confined and chrooting are typically two different, mutually-exclusive solutions to the same problem.
The apparmor profile contains mysqld in a similar way that the traditional chrooting does. There is no reason to chroot mysqld on Ubuntu if you are using the AppArmor profile. The reason why the profile was developed was so that all mysqld users would benefit from the enhanced security of running mysqld under confinement, and not require users to have to diverge from the standard installation and use chroot. Users are welcome to use traditional chrooting if they prefer, and need only disable the apparmor profile by performing: $ sudo apparmor_parser -R /etc/apparmor.d/usr.sbin.mysqld $ ln -s /etc/apparmor.d/usr.sbin.mysqld /etc/apparmor.d/disable/usr.sbin.mysqld The first unloads the profile from the kernel, and the second disables the profile on boot. ** Changed in: mysql-dfsg-5.1 (Ubuntu) Status: Incomplete => Won't Fix ** Changed in: mysql-dfsg-5.1 (Ubuntu) Assignee: (unassigned) => Jamie Strandboge (jdstrand) -- mysql-server-5.1 can't chroot https://bugs.launchpad.net/bugs/434915 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs