[apparmor] [patch] extra profiles: update mysqld profile

Christian Boltz apparmor at cboltz.de
Mon Dec 1 22:03:37 UTC 2014 

Hello,

this patch updates the mysqld profile in the extras directory to 
something that works on my servers ;-)

BTW: AFAIK Ubuntu ships an active profile for mysqld - can someone merge
it with this profile, please?


=== modified file 'profiles/apparmor/profiles/extras/usr.sbin.mysqld'
--- profiles/apparmor/profiles/extras/usr.sbin.mysqld   2007-05-16 18:51:46 +0000
+++ profiles/apparmor/profiles/extras/usr.sbin.mysqld   2014-12-01 22:00:57 +0000
@@ -1,6 +1,9 @@
+# Last Modified: Mon Dec  1 22:23:12 2014
+
 # ------------------------------------------------------------------
 #
 #    Copyright (C) 2002-2005 Novell/SUSE
+#    Copyright (C) 2014 Christian Boltz
 #
 #    This program is free software; you can redistribute it and/or
 #    modify it under the terms of version 2 of the GNU General Public
@@ -8,12 +11,12 @@
 #
 # ------------------------------------------------------------------
 # vim:syntax=apparmor
-# Last Modified: Wed Aug 17 14:28:07 2005
 
 #include <tunables/global>
 
 /usr/sbin/mysqld {
   #include <abstractions/base>
+  #include <abstractions/mysql>
   #include <abstractions/nameservice>
   #include <abstractions/user-tmp>
 
@@ -21,8 +24,22 @@
   capability setgid,
   capability setuid,
 
+  /etc/hosts.allow r,
+  /etc/hosts.deny r,
   /etc/my.cnf r,
+  /etc/my.cnf.d/ r,
+  /etc/my.cnf.d/*.cnf r,
+  /root/.my.cnf r,
+  /usr/lib{,32,64}/**.so mr,
   /usr/sbin/mysqld r,
+  /usr/share/mariadb/*/errmsg.sys r,
+  /usr/share/mysql-community-server/*/errmsg.sys r,
   /usr/share/mysql/** r,
-  /var/lib/mysql/** lrw,
+  /var/lib/mysql/ r,
+  /var/lib/mysql/** rwl,
+  /var/log/mysql/mysqld-upgrade-run.log w,
+  /var/log/mysql/mysqld.log w,
+  /var/log/mysql/mysqld.log-20* w,
+  /{,var/}run/mysql/mysqld.pid w,
+
 }



Regards,

Christian Boltz
-- 
> But does your response also means that there is no concern if openSUSE
> is left with no multimedia support normally provided from packman?
Only if your psychic abilities surpass those of Miss Cleo and I'm the
evil cousin of the wicked witch of the west. But who knows...
[> Basil Chupin and Henne Vogelsang in opensuse-project]

More information about the AppArmor mailing list