[pkg-apparmor] PostgreSQL AppArmor profiles
Christian Boltz
apparmor-debian at cboltz.de
Sun Sep 6 00:52:14 BST 2020
Hello,
On Friday, 4 September 2020, 10:30:25 CEST, Sedat Dilek wrote:
> I followed some weird howtos in the WildWildWild-Internet and did a
> wrong setup. [1] has the correct instructions.
>
> The issue was when the akonadi-database ran as an own
> postgresql-instance/process when looking with `ps -ef | grep s[q]l`.
> So, I saw two processes - one owned by "postgres" the other
> (akonadi-database) by my user "dileks".
>
> By following the new instructions this is no more the case - I have
> one process owned by "postgres".
>
> * The issues with AppArmor are no more visible in dmesg-logs! *
That's not surprising.
Before, you/akonadi used a user-specific postgres instance (started by
akonadi) which used the postgresql_akonadi profile.
Switching to the "system-wide" postgresql means akonadi doesn't [need
to] start postgresql - and the system-wide postgres runs under a
different (or no) AppArmor profile.
You can check that with ps Zaux | grep postgres - the first column
will show the AppArmor profile.
[...]
> Christian, you mean to add the change like below?
>
> [ /etc/apparmor.d/postgresql_akonadi ]
>
> #include <tunables/global>
>
> @{xdg_data_home}=@{HOME}/.local/share
>
> BEFORE: profile postgresql_akonadi {
> AFTER: profile postgresql_akonadi flags=(attach_disconnected) {
Right, the flags=(attach_disconnected) addition is the correct fix.
[...]
> So, if this is a change you favour, please let me and the Debian-KDE
> team know.
It is :-) - please apply it to the shipped profile.
Regards,
Christian Boltz
--
If someone wants to, go ahead - I will consider that person brave,
like a viking exploring the great unknown for the first time armed
only with a sword and shield while about to unknowingly run into
dragons, ogres, and terminators armed with purple laser beams
[Richard Brown in opensuse-project]
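
Added example, not part of the original message: the `ps Zaux` check suggested above, turned into a filter that reports which AppArmor profile each postgres process runs under and lists the unconfined ones. The function names, the sample `ps` output (PIDs, paths, sizes) and the assumption that labels have the form `unconfined` or `<profile> (<mode>)` are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of `ps Zaux` output on an AppArmor system (PIDs, paths
# and sizes are made up). Column 1 is the label: "unconfined", or
# "<profile> (<mode>)", which splits into two whitespace-separated fields.
sample_ps_output() {
    cat <<'EOF'
LABEL                         USER      PID %CPU %MEM    VSZ   RSS TTY STAT START TIME COMMAND
unconfined                    root      640  0.0  0.1  15852  6900 ?   Ss   10:00 0:00 /usr/sbin/sshd -D
unconfined                    postgres  812  0.0  0.3 215000 27000 ?   Ss   10:01 0:00 /usr/lib/postgresql/12/bin/postgres -D /var/lib/postgresql/12/main
postgresql_akonadi (enforce)  dileks   2301  0.0  0.2 214000 25000 ?   S    10:05 0:00 /usr/lib/postgresql/12/bin/postgres -D /home/dileks/.local/share/akonadi/db_data
postgresql_akonadi (enforce)  dileks   2305  0.0  0.1 214000  9000 ?   Ss   10:05 0:00 postgres: checkpointer
EOF
}

# Read `ps Zaux` output on stdin; print "PID USER PROFILE MODE" for every
# process whose command is postgres. MODE is "-" when the label has none.
postgres_confinement() {
    awk '
    $1 == "LABEL" { next }                      # skip the header line
    {
        label = $1; mode = "-"; off = 1
        if ($2 ~ /^\(.*\)$/) {                  # "(enforce)" / "(complain)"
            mode = substr($2, 2, length($2) - 2)
            off = 2
        }
        user = $(off + 1); pid = $(off + 2)
        cmd = $(off + 11)                       # COMMAND is 11 columns after the label
        sub(/:$/, "", cmd)                      # "postgres: checkpointer" process titles
        n = split(cmd, parts, "/")
        if (parts[n] != "postgres") next
        print pid, user, label, mode
    }'
}

# PIDs of postgres processes that run without any AppArmor profile.
unconfined_postgres_pids() {
    postgres_confinement | awk '$3 == "unconfined" { print $1 }'
}

# Demo on the constructed sample; on a live system: ps Zaux | postgres_confinement
sample_ps_output | postgres_confinement
```

In the sample, the user-owned instance started by akonadi shows `postgresql_akonadi enforce`, while the system-wide instance owned by "postgres" shows `unconfined`, which is the situation described in the reply.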