[debian-mysql] Bug#1130272: marked as pending in mariadb

Otto Kekäläinen noreply at salsa.debian.org
Thu Mar 19 14:35:07 GMT 2026 

Control: tag -1 pending

Hello,

Bug #1130272 in mariadb reported by you has been fixed in the
Git repository and is awaiting an upload. You can see the commit
message below and you can check the diff of the fix at:

https://salsa.debian.org/mariadb-team/mariadb-server/-/commit/bc8bb546a4bbad02dd3cf452e1836823350962a0

------------------------------------------------------------------------
Extend AppArmor profile to cover all easily testable features (Closes: #1130272)

Running the MariaDB test suite with as many tests enabled as possible
(~7177) while the AppArmor profile was in `complain` mode revealed many
types of legitimate actions not covered in the profile so far, as seen
in log entry snippets below.

Add the missing AppArmor rules to allow these operations while
maintaining security restrictions on other system resources by not
adding any overly broad rules.

    operation="file_perm" class="file" profile="mariadbd" name="/proc/sys/kernel/random/uuid" pid=2271 comm="mariadbd" requested_mask="r" denied_mask="r" fsuid=985 ouid=0
    operation="open" class="file" profile="mariadbd" name="/proc/2271/task/2275/comm" pid=2271 comm="mariadbd" requested_mask="wr" denied_mask="wr" fsuid=985 ouid=985
    operation="file_perm" class="file" profile="mariadbd" name="/proc/2271/task/2275/comm" pid=2271 comm="mariadbd" requested_mask="w" denied_mask="w" fsuid=985 ouid=985
    ...
    operation="open" class="file" profile="mariadbd" name="/sys/block/" pid=1782 comm="mariadbd" requested_mask="r" denied_mask="r" fsuid=985 ouid=0
    operation="file_perm" class="file" profile="mariadbd" name="/sys/block/" pid=1782 comm="mariadbd" requested_mask="r" denied_mask="r" fsuid=985 ouid=0
    operation="open" class="file" profile="mariadbd" name="/sys/devices/virtual/block/loop1/dev" pid=1782 comm="mariadbd" requested_mask="r" denied_mask="r" fsuid=985 ouid=0
    operation="file_perm" class="file" profile="mariadbd" name="/sys/devices/virtual/block/loop1/dev" pid=1782 comm="mariadbd" requested_mask="r" denied_mask="r" fsuid=985 ouid=0
    operation="open" class="file" profile="mariadbd" name="/sys/devices/virtual/block/loop6/dev" pid=1782 comm="mariadbd" requested_mask="r" denied_mask="r" fsuid=985 ouid=0
    operation="file_perm" class="file" profile="mariadbd" name="/sys/devices/virtual/block/loop6/dev" pid=1782 comm="mariadbd" requested_mask="r" denied_mask="r" fsuid=985 ouid=0
    operation="open" class="file" profile="mariadbd" name="/sys/devices/virtual/block/loop4/dev" pid=1782 comm="mariadbd" requested_mask="r" denied_mask="r" fsuid=985 ouid=0
    operation="file_perm" class="file" profile="mariadbd" name="/sys/devices/virtual/block/loop4/dev" pid=1782 comm="mariadbd" requested_mask="r" denied_mask="r" fsuid=985 ouid=0
    operation="open" class="file" profile="mariadbd" name="/sys/block/" pid=2031 comm="mariadbd" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
    ...
    operation="mknod" class="file" profile="mariadbd" name="/usr/share/mariadb/mariadb-test/autopkgtest.lower-test" pid=2025 comm="mariadbd" requested_mask="c" denied_mask="c" fsuid=1000 ouid=1000
    ...
    operation="file_perm" class="file" profile="mariadbd" name="/etc/lsb-release" pid=195310 comm="mariadbd" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
    operation="file_perm" class="file" profile="mariadbd" name="/etc/lsb-release" pid=195344 comm="mariadbd" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
    ...
    operation="file_mmap" class="file" profile="mariadbd" name="/" comm="mariadbd" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000
    operation="exec" class="file" profile="mariadbd" name="/usr/bin/x86_64-linux-gnu-addr2line" comm="mariadbd" requested_mask="x" denied_mask="x" fsuid=1000 ouid=0 target="mariadbd//null-/usr/bin/x86_64-linux-gnu-addr2line"
    operation="file_mmap" class="file" profile="mariadbd" name="/usr/bin/x86_64-linux-gnu-addr2line" comm="addr2line" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
    operation="file_mmap" class="file" profile="mariadbd" name="/usr/bin/x86_64-linux-gnu-addr2line" comm="addr2line" requested_mask="rm" denied_mask="rm" fsuid=1000 ouid=0
    operation="open" class="file" profile="mariadbd" name="/etc/gss/mech.d/" comm="mariadbd" requested_mask="r" denied_mask="r" fsuid=985 ouid=0
    operation="file_perm" class="file" profile="mariadbd" name="/etc/gss/mech.d/" comm="mariadbd" requested_mask="r" denied_mask="r" fsuid=985 ouid=0
    operation="open" class="file" profile="mariadbd" name="/etc/odbc.ini" comm="one_connection" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
    operation="open" class="file" profile="mariadbd" name="/etc/odbcinst.ini" comm="one_connection" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
    operation="file_perm" class="file" profile="mariadbd" name="/etc/odbcinst.ini" comm="one_connection" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
    operation="mknod" class="file" profile="mariadbd" name="/home/ubuntu/.odbc.ini" comm="one_connection" requested_mask="c" denied_mask="c" fsuid=1000 ouid=1000
    operation="open" class="file" profile="mariadbd" name="/home/ubuntu/.odbc.ini" comm="one_connection" requested_mask="ac" denied_mask="ac" fsuid=1000 ouid=1000
    operation="open" class="file" profile="mariadbd" name="/home/ubuntu/.odbc.ini" comm="one_connection" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000
    operation="file_perm" class="file" profile="mariadbd" name="/home/ubuntu/.odbc.ini" comm="one_connection" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000
    operation="open" class="file" profile="mariadbd" name="/proc/243561/mounts" comm="one_connection" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000
    operation="file_perm" class="file" profile="mariadbd" name="/proc/243561/mounts" comm="one_connection" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000
    operation="open" class="file" profile="mariadbd" name="/var/cache/cracklib/cracklib_dict.hwm" comm="one_connection" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
    operation="file_perm" class="file" profile="mariadbd" name="/var/cache/cracklib/cracklib_dict.hwm" comm="one_connection" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
    operation="open" class="file" profile="mariadbd" name="/var/cache/cracklib/cracklib_dict.pwi" comm="one_connection" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
    operation="file_perm" class="file" profile="mariadbd" name="/var/cache/cracklib/cracklib_dict.pwi" comm="one_connection" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
    operation="open" class="file" profile="mariadbd" name="/var/cache/cracklib/cracklib_dict.pwd" comm="one_connection" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
    ...
    operation="open" class="file" profile="mariadbd" name="/etc/java-25-openjdk/jfr/default.jfc" comm="one_connection" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
    operation="open" class="file" profile="mariadbd" name="/etc/java-25-openjdk/logging.properties" comm="one_connection" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
    operation="open" class="file" profile="mariadbd" name="/etc/java-25-openjdk/security/java.security" comm="one_connection" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
    operation="open" class="file" profile="mariadbd" name="/proc/12167/coredump_filter" comm="one_connection" requested_mask="wr" denied_mask="wr" fsuid=1000 ouid=1000
    operation="open" class="file" profile="mariadbd" name="/proc/19122/net/if_inet6" comm="one_connection" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
    operation="open" class="file" profile="mariadbd" name="/proc/cgroups" comm="one_connection" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
    operation="open" class="file" profile="mariadbd" name="/proc/sys/vm/mmap_min_addr" comm="one_connection" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
    operation="open" class="file" profile="mariadbd" name="/sys/kernel/mm/transparent_hugepage/enabled" comm="one_connection" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
    operation="open" class="file" profile="mariadbd" name="/sys/kernel/mm/transparent_hugepage/shmem_enabled" comm="one_connection" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
------------------------------------------------------------------------

(this message was generated automatically)
-- 
Greetings

https://bugs.debian.org/1130272

More information about the pkg-mysql-maint mailing list