[debian-mysql] cqrlog modifies MySQL apparmor profile in postinst
Robie Basak
robie.basak at ubuntu.com
Tue Mar 10 12:36:00 UTC 2015
On Fri, Mar 06, 2015 at 03:16:30PM +0100, Norvald H. Ryeng wrote:
> I've noticed that cqrlog's postinst script runs cqrlog-apparmor-fix [1],
> which modifies /etc/apparmor.d/usr.sbin.mysqld. The change is simple, it's
> just adding one line to the end of the file:
>
> @{HOME}/.config/cqrlog/database/** rwk,
> The file is a config file in the mysql-server-5.5 package, so dpkg will
> ask the user what to do when that package is upgraded and contains a new
> version of the file. This leaves it to the user to resolve a conflict
> introduced by package maintainers. It's not a very critical bug, but it's
> a bit annoying.
I believe this should be filed as a bug in cqrlog. Packages shouldn't be
automatically modifying conffiles that they do not own.
> Can we find a more elegant solution to this? There's an #include directive
> at the bottom of the apparmor file (commented out, but we could enable
> it). Perhaps cqrlog could put it's rule there, but I guess it's bad
> practice for packages to put anything in /etc/apparmor.d/local. Any other
> suggestions?
It doesn't really harm anyone to just ship that line in our AppArmor
profile. I believe that's the general approach that Ubuntu has been
taking to AppArmor profiles, anyway.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: Digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-mysql-maint/attachments/20150310/f475e2d3/attachment.sig>
More information about the pkg-mysql-maint
mailing list