[debian-mysql] Bug#875890: Apparmor causes problems with Stretch upgrade
Henrik Ahlgren
pablo at seestieto.com
Mon Nov 6 20:36:51 UTC 2017
Upgrading from Jessie to Stretch with apparmor enabled seems to fail:
Setting up mariadb-server-10.1 (10.1.26-0+deb9u1) ...
Installing new version of config
file /etc/apparmor.d/usr.sbin.mysqld ...
Installing new version of config file /etc/init.d/mysql ...
Installing new version of config
file /etc/logrotate.d/mysql-server ...
Installing new version of config
file /etc/mysql/debian-start ...
dpkg: error processing package mariadb-server-10.1
(--configure):
subprocess installed post-installation script returned error
exit status 1
dpkg: dependency problems prevent configuration of
default-mysql-server:
default-mysql-server depends on mariadb-server-10.1; however:
Package mariadb-server-10.1 is not configured yet.
dpkg: error processing package default-mysql-server
(--configure):
dependency problems - leaving unconfigured
dpkg: dependency problems prevent configuration of mysql-server:
mysql-server depends on default-mysql-server; however:
Package default-mysql-server is not configured yet.
dpkg: error processing package mysql-server (--configure):
dependency problems - leaving unconfigured
It took me a while to notice from audit log that is is due to apparmor:
type=AVC msg=audit(1509991806.111:85264): apparmor="DENIED"
operation="open" profile="/usr/sbin/mysqld"
name="/etc/mysql/mariadb.conf.d/" pid=6557 comm="mysqld"
requested_mask="r" denied_mask="r" fsuid=0 ouid=0
type=SYSCALL msg=audit(1509991806.111:85264): arch=40000003
syscall=5 success=no exit=-13 a0=bfd7f415 a1=98800 a2=bfd7fd71
a3=bfd7fd55 items=0 ppid=6554 pid=6557 auid=1000 uid=0 gid=0
euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts3 ses=10453
comm="mysqld" exe="/usr/sbin/mysqld" key=(null)
Trying to reload apparmor policies did not help, it appears that
apparmor_parser ignores policies that are empty?
More information about the pkg-mysql-maint
mailing list