[apparmor] Fwd: MariaDB AppArmor

[Felix Geyer]

Hi,

On 21.02.2014 11:26, intrigeri wrote:
> Hi,
> 
> to Otto's request, I'm forwarding this message to the list,
> as I won't have time to allocate to this any time soon.
> 
> Anyone interested?

The testsuite runs fine with the profile from mysql-5.5 on Debian unstable.
The only exception is:

--- /tmp/mysql/3/tmp/check-mysqld_2.result      2014-02-22 17:53:39.186200000 +0100
+++ /tmp/mysql/3/tmp/check-mysqld_2.reject      2014-02-22 17:53:40.458200000 +0100
@@ -675,4 +675,4 @@
 partition      1.0     DISABLED        STORAGE ENGINE  50535.0 NULL    NULL    Mikael Ronstrom,
MySQL AB       Partition Storage Engine Helper GPL     OFF     Stable  1.0
 VARIABLE_NAME  VARIABLE_VALUE
 Variable_name  Value
-Slave_open_temp_tables 0
+Slave_open_temp_tables 1

mysqltest: Result content mismatch

not ok

However that seems to be https://mariadb.atlassian.net/browse/MDEV-5666

There are a few denied permissions:

apparmor="DENIED" operation="mknod" parent=13650 profile="/usr/sbin/mysqld"
name="/usr/share/mysql/mysql-test/<hostname>.lower-test" pid=13654 comm="mysqld"
requested_mask="c" denied_mask="c" fsuid=0 ouid=0
apparmor="DENIED" operation="open" parent=26824 profile="/usr/sbin/mysqld" name="/etc/" pid=26826
comm="mysqld" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
apparmor="DENIED" operation="open" parent=26863 profile="/usr/sbin/mysqld" name="/etc/pam.d/other"
pid=26895 comm="mysqld" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
apparmor="DENIED" operation="capable" parent=27197 profile="/usr/sbin/mysqld" pid=27231
comm="mysqld" pid=27231 comm="mysqld" capability=36  capname="block_suspend"

Just before the access to /etc/pam.d/other mariadb logs:
mysqld: PAM pam_end: NULL pam handle passed

The first one is obviously only requested by the test suite, not sure about the others.

Cheers,
Felix