Bug #97768 Adding 2 apparmor rules for mysql from apt repo for using huge page not failed
Submitted: 25 Nov 2019 9:16    Modified: 26 Nov 2019 6:11
Reporter: NGUYEN TRUNG HIEU
Status: Verified
Category: MySQL Server: Packaging    Severity: S2 (Serious)
Version: 8.0.18    OS: Ubuntu (18.04.3)
Assigned to:    CPU Architecture: x86

[25 Nov 2019 9:16] NGUYEN TRUNG HIEU
Description:
Hi all

I installed mysql from the apt repo.

Then, following the guide
https://dev.mysql.com/doc/refman/8.0/en/large-page-support.html

the mysql server is not using huge pages.

How to repeat:

Log

tail -f /var/log/mysql/error.log
...
[Warning] [MY-012678] [InnoDB] Failed to attach shared memory segment, errno 13
[Warning] [MY-012679] [InnoDB] Using conventional memory pool
...

tail -f /var/log/kern.log

kernel: [ 1921.472338] audit: type=1400 audit(1574672644.670:134): apparmor="DENIED" operation="open" profile="/usr/sbin/mysqld" name="/etc/ssl/openssl.cnf" pid=2652 comm="mysqld" requested_mask="r" denied_mask="r" fsuid=111 ouid=0

kernel: [ 1921.480905] audit: type=1400 audit(1574672644.682:135): apparmor="DENIED" operation="file_mmap" profile="/usr/sbin/mysqld" name="/" pid=2652 comm="mysqld" requested_mask="wr" denied_mask="wr" fsuid=111 ouid=111

Suggested fix:
SOLUTION:

# dpkg -S /etc/apparmor.d/usr.sbin.mysqld
mysql-community-server: /etc/apparmor.d/usr.sbin.mysqld

--> /etc/apparmor.d/usr.sbin.mysqld belongs to the mysql-community-server deb package!

Change /etc/apparmor.d/usr.sbin.mysqld

   /proc/*/status r,
+  / rw,
+  /etc/ssl/openssl.cnf r,
   capability sys_resource,
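Review bot: the `/ rw,` line is given without saying why write access on the root path is needed; the kern.log above shows the matching denial (operation="file_mmap", name="/", requested_mask="wr"), so state that this rule answers that specific mmap and that, carrying no glob, it covers the root directory entry only, otherwise the reporter's own follow-up concern about `/ rw,` stays unanswered. The `capability ipc_lock,` line that the last comment on this page says memlock-backed huge pages need is also absent from this hunk; add it in the same change or note why it is not required here.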

Then

systemctl stop mysql

systemctl start mysql

Check huge pages used: grep Huge /proc/meminfo

Now it starts successfully and some huge pages are in use.

Thanks
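As an added example (not part of this report or of the MySQL packaging), a Python script that turns the kern.log denials quoted above into the narrowest AppArmor file rules, which is the least-privilege answer the follow-up comment asks for, and reads the huge-page counters the way the grep check does. The sample log lines other than the two quoted ones and the /proc/meminfo values are constructed.

```python
import re

# Constructed sample input: the two mysqld denials quoted in the report above plus one
# denial from an unrelated profile (made up here) to exercise the profile filter.
SAMPLE_KERN_LOG = """\
kernel: [ 1921.472338] audit: type=1400 audit(1574672644.670:134): apparmor="DENIED" operation="open" profile="/usr/sbin/mysqld" name="/etc/ssl/openssl.cnf" pid=2652 comm="mysqld" requested_mask="r" denied_mask="r" fsuid=111 ouid=0
kernel: [ 1921.480905] audit: type=1400 audit(1574672644.682:135): apparmor="DENIED" operation="file_mmap" profile="/usr/sbin/mysqld" name="/" pid=2652 comm="mysqld" requested_mask="wr" denied_mask="wr" fsuid=111 ouid=111
kernel: [ 1930.000000] audit: type=1400 audit(1574672653.000:136): apparmor="DENIED" operation="open" profile="/usr/bin/example" name="/tmp/x" pid=3000 comm="example" requested_mask="w" denied_mask="w" fsuid=1000 ouid=1000
"""
# Constructed /proc/meminfo excerpt with illustrative values.
SAMPLE_MEMINFO = "HugePages_Total:     512\nHugePages_Free:      384\nHugepagesize:       2048 kB\n"

FIELD_RE = re.compile(r'(\w+)="([^"]*)"')
# AppArmor file permission letters in a fixed order. 'c' (create) and 'd' (delete) in a
# denied_mask are covered by 'w'; 'x' is skipped because it needs a qualifier chosen by hand.
PERM_ORDER = "rwamlk"
MASK_ALIASES = {"c": "w", "d": "w"}

def parse_denials(log_text, profile=None):
    """One dict of key="value" fields per apparmor="DENIED" line, optionally filtered by profile."""
    denials = []
    for line in log_text.splitlines():
        if 'apparmor="DENIED"' not in line:
            continue
        fields = dict(FIELD_RE.findall(line))
        if profile is None or fields.get("profile") == profile:
            denials.append(fields)
    return denials

def suggest_rules(denials):
    """Minimal file rules: the exact path as logged and only the denied bits, merged per path.
    No glob is ever added, so name="/" becomes '/ rw,' (the root directory entry), not '/** rw,'."""
    perms = {}
    for d in denials:
        name, mask = d.get("name"), d.get("denied_mask", "")
        for c in mask:
            c = MASK_ALIASES.get(c, c)
            if name and c in PERM_ORDER:
                perms.setdefault(name, set()).add(c)
    return [f"  {n} {''.join(c for c in PERM_ORDER if c in p)}," for n, p in sorted(perms.items())]

def hugepages_in_use(meminfo_text):
    """Total minus Free, the quantity behind the 'grep Huge /proc/meminfo' check in the report."""
    vals = dict(re.findall(r"^(HugePages_\w+):\s+(\d+)", meminfo_text, re.M))
    return int(vals["HugePages_Total"]) - int(vals["HugePages_Free"])

if __name__ == "__main__":
    print("\n".join(suggest_rules(parse_denials(SAMPLE_KERN_LOG, "/usr/sbin/mysqld"))))
    print("huge pages in use:", hugepages_in_use(SAMPLE_MEMINFO))
```

Run against the real files with `parse_denials(open("/var/log/kern.log").read(), "/usr/sbin/mysqld")` and `open("/proc/meminfo").read()`; the rules it prints are the two the report adds, as exact paths with no wildcard.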
[25 Nov 2019 15:25] MySQL Verification Team
Hi,

Thanks for the report and the fix.
[26 Nov 2019 4:11] NGUYEN TRUNG HIEU
Maybe there are security issues when we set the / rw, apparmor rule

Good solutions are read, write restricted perms detail in root

I'm not an apparmor expert, so I cannot offer more details
[26 Nov 2019 6:11] NGUYEN TRUNG HIEU
The last comment

Because hugepages also use memlock (no swap), which we configured in

/etc/security/limits.conf
mysql  soft  memlock  max_value_number
mysql  hard  memlock  max_value_number

Maybe include 1 apparmor rule:

capability ipc_lock,

My references:
https://bugs.launchpad.net/ubuntu/+source/mysql-5.5/+bug/1011867
http://man7.org/linux/man-pages/man7/capabilities.7.html

Tks