John Watson


MySQL vs AppArmor solution

This is a very specific problem related to AppArmor and MySQL with non-standard data and temp directories. I just upgraded a database server to Ubuntu 10.04.1 LTS and ran up against a problem related to AppArmor. AppArmor is…

"...a kernel enhancement to confine programs to a limited set of resources. AppArmor's unique security model is to bind access control attributes to programs rather than to users."

My database files are in /mnt/mysql rather than /var (Amazon server). Attempting to start MySQL I got errors that MySQL couldn’t write to the temp directory. When I changed the temp directory to /tmp I got new errors that it couldn’t access the data in /mnt/mysql. All of the file permissions were correct and I was attempting to start the daemon as root anyway. In addition, errors like this showed up in the syslog:

kernel: [ 7810.088219] type=1503 audit(1286826657.774:226):  operation="mknod" pid=12802 parent=3974 profile="/usr/sbin/mysqld" requested_mask="c::" denied_mask="c::" fsuid=106 ouid=106 name="/mnt/tmp/ibTz0Fu7"

Solution: First thing you should do is make sure all of your file and directory permissions are correct. Next, check your AppArmor configuration. The MySQL configuration for AppArmor lives at /etc/apparmor.d/usr.sbin.mysqld. Add your database and temp directories to the AppArmor configuration. Then restart the AppArmor daemon.
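
One way to carry out the profile step above, as an added example that is not from the original post: the script reads AppArmor denials like the one quoted earlier and prints the directory rules to add to /etc/apparmor.d/usr.sbin.mysqld. The function names, the sample lines after the first, and the `rwk` permission set are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): turn AppArmor denials for one
# profile into the directory rules to add to that profile.

# suggest_rules PROFILE: read syslog lines on stdin, keep denials logged for
# PROFILE, take the parent directory of each denied file, and print one rule
# for the directory itself plus one recursive rule for its contents.
# Assumption: "rwk" (read, write, lock) is the access mysqld needs on its own
# data and temp files; grant only those directories, nothing broader.
suggest_rules() {
    awk -v p="profile=\"$1\"" 'index($0, p) && index($0, "denied_mask=")' |
    sed -n 's|.* name="\(/[^"]*\)/[^"/]*".*|\1|p' |
    sort -u |
    while IFS= read -r dir; do
        printf '  %s/ r,\n  %s/** rwk,\n' "$dir" "$dir"
    done
}

# Sample input: line 1 is the denial quoted in the post; the rest are constructed.
sample_log() {
    cat <<'EOF'
kernel: [ 7810.088219] type=1503 audit(1286826657.774:226):  operation="mknod" pid=12802 parent=3974 profile="/usr/sbin/mysqld" requested_mask="c::" denied_mask="c::" fsuid=106 ouid=106 name="/mnt/tmp/ibTz0Fu7"
kernel: [ 7811.102344] type=1503 audit(1286826658.801:227):  operation="open" pid=12802 parent=3974 profile="/usr/sbin/mysqld" requested_mask="rw::" denied_mask="rw::" fsuid=106 ouid=106 name="/mnt/mysql/ibdata1"
kernel: [ 7811.102951] type=1503 audit(1286826658.802:228):  operation="open" pid=12802 parent=3974 profile="/usr/sbin/mysqld" requested_mask="r::" denied_mask="r::" fsuid=106 ouid=106 name="/mnt/mysql/ib_logfile0"
kernel: [ 7820.500112] type=1503 audit(1286826667.120:229):  operation="open" pid=13001 parent=1 profile="/usr/sbin/ntpd" requested_mask="r::" denied_mask="r::" fsuid=0 ouid=0 name="/srv/ntp/drift"
kernel: [ 7821.000000] eth0: link up
EOF
}

# Paste the printed rules inside the profile's braces in
# /etc/apparmor.d/usr.sbin.mysqld, then reload the profile, for example:
#   sudo apparmor_parser -r /etc/apparmor.d/usr.sbin.mysqld
sample_log | suggest_rules /usr/sbin/mysqld
```

Denials logged under other profiles (the constructed ntpd line) and non-audit lines are ignored, so only the MySQL data and temp directories end up in the suggested rules.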