Running a process confined and chrooting are typically two different,
mutually-exclusive solutions to the same problem.
The apparmor profile contains mysqld in a similar way that the
traditional chrooting does. There is no reason to chroot mysqld on
Ubuntu if you are using the AppArmor profile. The reason why the profile
was developed was so that all mysqld users would benefit from the
enhanced security of running mysqld under confinement, and not require
users to have to diverge from the standard installation and use chroot.
Users are welcome to use traditional chrooting if they prefer, and need only
disable the apparmor profile by performing:
$ sudo apparmor_parser -R /etc/apparmor.d/usr.sbin.mysqld
$ ln -s /etc/apparmor.d/usr.sbin.mysqld /etc/apparmor.d/disable/usr.sbin.mysqld
The first unloads the profile from the kernel, and the second disables
the profile on boot.
** Changed in: mysql-dfsg-5.1 (Ubuntu)
Status: Incomplete => Won't Fix
** Changed in: mysql-dfsg-5.1 (Ubuntu)
Assignee: (unassigned) => Jamie Strandboge (jdstrand)
--
mysql-server-5.1 can't chroot
https://bugs.launchpad.net/bugs/434915
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
