[debian-mysql] Bug#875890: Please consider shipping /etc/apparmor.d/usr.sbin.mysqld from upstream
intrigeri
intrigeri at debian.org
Wed Sep 20 15:07:28 UTC 2017
Hi,
Guido Günther:
> it would be great if the package would ship upstream's profile (even if
> only in complain mode like upstream does). This would help to iron out
> the issues in the profile.
I notice that mariadb-server-10.1 ships
/usr/share/mysql/policy/apparmor/usr.sbin.mysqld (that comes from
Ubuntu).
Is upstream's profile something else?
Note that Ubuntu's profiles are sometimes better suited for usage on
Debian than upstream's, especially when upstream uses a different
distro as their primary development platform. Now, of course ideally
distros would contribute to the upstream profile instead of
maintaining their own, as it's started to happen for libvirt :)
> The current file file that starts like:
> […]
> is a bit discouraging.
Indeed. FTR Ubuntu has been shipping enforced by default AppArmor
policy for MySQL since 2008, so I would expect it to be super robust
and I *guess* that it should work almost as-is for MariaDB.
Any pointer to the "several problems for users" that have been caused
by AppArmor?
Cheers,
--
intrigeri
More information about the pkg-mysql-maint
mailing list