[debian-mysql] Bug#1132027: mariadb-server: MariaDB doesn't start anymore with enforcing Apparmor profile
Otto Kekäläinen
otto at debian.org
Fri Apr 3 15:37:00 BST 2026
Hi Stephan,
> With the following lines in /etc/apparmor.d/local/mariadb MariaDB is
> starting in enforce mode:
>
> capability sys_resource,
> capability dac_read_search,
> capability dac_override,
> capability setgid,
> capability setuid,
>
> Maybe they are needed for sysvinit user.
Thanks for reporting!
Are you sure every one of those are needed? Did you test those lines
individually or just added all at once?
If that is the case, I will add all of them in the MR draft at
https://salsa.debian.org/mariadb-team/mariadb-server/-/merge_requests/159
Based on the logs you shared in
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132027 the server
fails to start as it is unable to read the data directory
/var/lib/mysql, which is the standard data directory and this type of
failure is a bit surprising as we surely tested it before rolling out
the change. Could it be that you have something additional customized
in your MariaDB or general Debian settings?
More information about the pkg-mysql-maint
mailing list