Bug #47195 | Please mention AppArmor in the "troubleshooting the mysql server" manual! | ||
---|---|---|---|
Submitted: | 8 Sep 2009 20:22 | Modified: | 28 Sep 2009 16:29 |
Reporter: | Ian Katz | Email Updates: | |
Status: | Closed | Impact on me: | |
Category: | MySQL Server: Documentation | Severity: | S3 (Non-critical) |
Version: | OS: | Any | |
Assigned to: | Paul DuBois | CPU Architecture: | Any |
Tags: | apparmor, frustration, google failed me, hours of my life that i'll never get back, obscure |
[8 Sep 2009 20:22]
Ian Katz
[8 Sep 2009 21:45]
Sveta Smirnova
Thank you for the documentation request.
[28 Sep 2009 16:03]
Paul DuBois
Thank you for your bug report. This issue has been addressed in the documentation. The updated documentation will appear on our website shortly, and will be included in the next release of the relevant products. " You could argue that I "should know better", but I spent a very, VERY long amount of time on this because nothing AND I MEAN NOTHING -- from the mysql logs to the kernel logs -- says that "permission denied" is caused by AppArmor. " I'm not going to argue that you should know better, but I wonder whether AppArmor should know better -- or perhaps provide better information to users about actions that it takes. When I look at issues such as the following, I wonder whether this is not a bug in AppArmor: http://brainwreckedtech.wordpress.com/2008/04/25/ubuntu-804-bug-with-mysql-and-apparmor/ https://bugs.launchpad.net/ubuntu/+source/mysql-dfsg-5.0/+bug/201799 I am inclined to think this is an Ubuntu problem rather than a MySQL issue. Regardless, I have added the following paragraph to the manual: If it possible that even with correct ownership, MySQL may fail to start up if there is other security software running in your system that manages application access to various parts of the file system. In this case, you may need to reconfigure that software to enable mysqld to access the directories it uses during normal operation. By the way, the MySQL logs cannot provide information about actions taken by AppArmor because MySQL wouldn't have any idea who might have modified permissions.
[28 Sep 2009 16:29]
Ian Katz
Oh, I wasn't trying to imply that this is a problem with MySQL; the root of this is most definitely the lack of helpful messages from AppArmor (and I plan to take that up with them separately). I was just saying that since there is no way that the server process could tell you why it was being denied permission, the troubleshooting guide should mention it. I think we are basically in agreement on this :) Thanks for updating the docs. I would never have found the brainwreckedtech post without knowing to search for AppArmor.