Bug#869865: usr.sbin.mysqld-akonadi: denied access to /etc/mysql/mariadb.cnf

To: 869865@bugs.debian.org
Subject: Bug#869865: usr.sbin.mysqld-akonadi: denied access to /etc/mysql/mariadb.cnf
From: Vincas Dargis <vindrg@gmail.com>
Date: Mon, 6 Nov 2017 20:28:36 +0200
Message-id: <[🔎] 62db07c6-cd11-910b-9b85-0fd9a34c18fc@gmail.com>
Reply-to: Vincas Dargis <vindrg@gmail.com>, 869865@bugs.debian.org
References: <150114410384.2039.1190951365070549335.reportbug@debian-unstable>

Control: tags -1 +patch
Control: user pkg-apparmor-team@lists.alioth.debian.org
Control: usertags -1 +modify-profile

I see that /etc/mysql/mariadb.cnf deny is fixed in Vcs-Git, though there are two more additional denies:

type=AVC msg=audit(1509645650.114:137): apparmor="DENIED" operation="open"profile="/usr/sbin/mysqld-akonadi///usr/sbin/mysqld" name="/etc/mysql/mariadb.conf.d/" pid=1588 comm="mysqld"requested_mask="r" denied_mask="r" fsuid=1000 ouid=0type=SYSCALL msg=audit(1509645650.114:137): arch=c000003e syscall=2 success=no exit=-13 a0=7ffee010da20 a1=90800a2=7ffee010e61d a3=7f31a1429380 items=0 ppid=1586 pid=1588 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000egid=1000 sgid=1000 fsgid=1000 tty=(none) ses=5 comm="mysqld" exe="/usr/sbin/mysqld" key=(null)

type=PROCTITLE msg=audit(1509645650.114:137): proctitle=2F7573722F7362696E2F6D7973716C64002D2D76657273696F6E

type=AVC msg=audit(1509991621.749:236): apparmor="DENIED" operation="open"profile="/usr/sbin/mysqld-akonadi///usr/sbin/mysqld" name="/etc/mysql/mariadb.conf.d/test.cnf" pid=3310 comm="mysqld"requested_mask="r" denied_mask="r" fsuid=1000 ouid=0type=SYSCALL msg=audit(1509991621.749:236): arch=c000003e syscall=2 success=no exit=-13 a0=7ffe2808b2e0 a1=80000 a2=1b6a3=80000 items=0 ppid=3307 pid=3310 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000fsgid=1000 tty=(none) ses=17 comm="mysqld" exe="/usr/sbin/mysqld" key=(null)

type=PROCTITLE msg=audit(1509991621.749:236): proctitle=2F7573722F7362696E2F6D7973716C64002D2D76657273696F6E

I have attached a patch to fix this ussue. Tested on Debian Sid with KDE.

diff --git a/debian/usr.sbin.mysqld-akonadi b/debian/usr.sbin.mysqld-akonadi
index d617bcc..7365330 100644
--- a/debian/usr.sbin.mysqld-akonadi
+++ b/debian/usr.sbin.mysqld-akonadi
@@ -21,6 +21,8 @@
     /etc/mysql/conf.d/* r,
     /etc/mysql/my.cnf r,
     /etc/mysql/mariadb.cnf r,
+    /etc/mysql/mariadb.conf.d/ r,
+    /etc/mysql/mariadb.conf.d/* r,
 
     /sys/devices/system/cpu/ r,

Reply to:

Prev by Date: libmediawiki_5.37.0-1_amd64.changes is NEW
Next by Date: Processed (with 2 errors): Re: usr.sbin.mysqld-akonadi: denied access to /etc/mysql/mariadb.cnf
Previous by thread: libmediawiki_5.37.0-1_amd64.changes is NEW
Next by thread: Processed (with 2 errors): Re: usr.sbin.mysqld-akonadi: denied access to /etc/mysql/mariadb.cnf
Index(es):
- Date
- Thread