[debian-mysql] cqrlog modifies MySQL apparmor profile in postinst
Norvald H. Ryeng
norvald.ryeng at oracle.com
Fri Mar 6 14:16:30 UTC 2015
Hi,
I've noticed that cqrlog's postinst script runs cqrlog-apparmor-fix [1],
which modifies /etc/apparmor.d/usr.sbin.mysqld. The change is simple, it's
just adding one line to the end of the file:
@{HOME}/.config/cqrlog/database/** rwk,
The file is a config file in the mysql-server-5.5 package, so dpkg will
ask the user what to do when that package is upgraded and contains a new
version of the file. This leaves it to the user to resolve a conflict
introduced by package maintainers. It's not a very critical bug, but it's
a bit annoying.
Can we find a more elegant solution to this? There's an #include directive
at the bottom of the apparmor file (commented out, but we could enable
it). Perhaps cqrlog could put it's rule there, but I guess it's bad
practice for packages to put anything in /etc/apparmor.d/local. Any other
suggestions?
Regards / 73
Norvald H. Ryeng / LA6YKA
[1]
https://sources.debian.net/src/cqrlog/1.8.2-1.1/tools/cqrlog-apparmor-fix/
More information about the pkg-mysql-maint
mailing list