[debian-mysql] cqrlog modifies MySQL apparmor profile in postinst

Norvald H. Ryeng norvald.ryeng at oracle.com
Fri Mar 6 14:16:30 UTC 2015


Hi,

I've noticed that cqrlog's postinst script runs cqrlog-apparmor-fix [1],  
which modifies /etc/apparmor.d/usr.sbin.mysqld. The change is simple, it's  
just adding one line to the end of the file:

     @{HOME}/.config/cqrlog/database/** rwk,

The file is a config file in the mysql-server-5.5 package, so dpkg will  
ask the user what to do when that package is upgraded and contains a new  
version of the file. This leaves it to the user to resolve a conflict  
introduced by package maintainers. It's not a very critical bug, but it's  
a bit annoying.

Can we find a more elegant solution to this? There's an #include directive  
at the bottom of the apparmor file (commented out, but we could enable  
it). Perhaps cqrlog could put it's rule there, but I guess it's bad  
practice for packages to put anything in /etc/apparmor.d/local. Any other  
suggestions?

Regards / 73

Norvald H. Ryeng / LA6YKA

[1]  
https://sources.debian.net/src/cqrlog/1.8.2-1.1/tools/cqrlog-apparmor-fix/



More information about the pkg-mysql-maint mailing list