[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#869865: usr.sbin.mysqld-akonadi: denied access to /etc/mysql/mariadb.cnf



Control: tags -1 +patch
Control: user pkg-apparmor-team@lists.alioth.debian.org
Control: usertags -1 +modify-profile

I see that /etc/mysql/mariadb.cnf deny is fixed in Vcs-Git, though there are two more additional denies:


type=AVC msg=audit(1509645650.114:137): apparmor="DENIED" operation="open" profile="/usr/sbin/mysqld-akonadi///usr/sbin/mysqld" name="/etc/mysql/mariadb.conf.d/" pid=1588 comm="mysqld" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0 type=SYSCALL msg=audit(1509645650.114:137): arch=c000003e syscall=2 success=no exit=-13 a0=7ffee010da20 a1=90800 a2=7ffee010e61d a3=7f31a1429380 items=0 ppid=1586 pid=1588 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=(none) ses=5 comm="mysqld" exe="/usr/sbin/mysqld" key=(null)
type=PROCTITLE msg=audit(1509645650.114:137): proctitle=2F7573722F7362696E2F6D7973716C64002D2D76657273696F6E


type=AVC msg=audit(1509991621.749:236): apparmor="DENIED" operation="open" profile="/usr/sbin/mysqld-akonadi///usr/sbin/mysqld" name="/etc/mysql/mariadb.conf.d/test.cnf" pid=3310 comm="mysqld" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0 type=SYSCALL msg=audit(1509991621.749:236): arch=c000003e syscall=2 success=no exit=-13 a0=7ffe2808b2e0 a1=80000 a2=1b6 a3=80000 items=0 ppid=3307 pid=3310 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=(none) ses=17 comm="mysqld" exe="/usr/sbin/mysqld" key=(null)
type=PROCTITLE msg=audit(1509991621.749:236): proctitle=2F7573722F7362696E2F6D7973716C64002D2D76657273696F6E

I have attached a patch to fix this ussue. Tested on Debian Sid with KDE.
diff --git a/debian/usr.sbin.mysqld-akonadi b/debian/usr.sbin.mysqld-akonadi
index d617bcc..7365330 100644
--- a/debian/usr.sbin.mysqld-akonadi
+++ b/debian/usr.sbin.mysqld-akonadi
@@ -21,6 +21,8 @@
     /etc/mysql/conf.d/* r,
     /etc/mysql/my.cnf r,
     /etc/mysql/mariadb.cnf r,
+    /etc/mysql/mariadb.conf.d/ r,
+    /etc/mysql/mariadb.conf.d/* r,
 
     /sys/devices/system/cpu/ r,
 

Reply to: