
MySQL problem on Ubuntu 14.04 with AppArmor permissions for the data directory

I have been using MySQL with a different location for the database data since Ubuntu 12.04 and have not had any problems. My setup was like this:

  • Data in /home/db/mysql
  • Link in the default location: sudo ln -s /home/db/mysql /var/lib/mysql
  • Added /home/db/** rwk, to /etc/apparmor.d/usr.sbin.mysqld

This worked fine until Ubuntu 14.04. I have been struggling all day, but I cannot get it to work.

It seems that AppArmor is not granting MySQL the requested permissions on the /home/db folder, because if I do chmod 777 -R /home/db it works.

Otherwise, I get this:

$ sudo service mysql start
start: Job failed to start

And the log:

140420 22:42:56 [Warning] Using unique option prefix myisam-recover instead of myisam-recover-options is deprecated and will be removed in a future release. Please use the full name instead.
140420 22:42:56 [Note] Plugin 'FEDERATED' is disabled.
/usr/sbin/mysqld: Can't find file: './mysql/plugin.frm' (errno: 13)
140420 22:42:56 [ERROR] Can't open the mysql.plugin table. Please run mysql_upgrade to create it.
140420 22:42:56 InnoDB: The InnoDB memory heap is disabled
140420 22:42:56 InnoDB: Mutexes and rw_locks use GCC atomic builtins
140420 22:42:56 InnoDB: Compressed tables use zlib 1.2.8
140420 22:42:56 InnoDB: Using Linux native AIO
140420 22:42:56 InnoDB: Initializing buffer pool, size = 128.0M
140420 22:42:56 InnoDB: Completed initialization of buffer pool
140420 22:42:56 InnoDB: highest supported file format is Barracuda.
140420 22:42:57  InnoDB: Waiting for the background threads to start
140420 22:42:58 InnoDB: 5.5.35 started; log sequence number 242217316
140420 22:42:58 [Note] Server hostname (bind-address): '127.0.0.1'; port: 3306
140420 22:42:58 [Note]   - '127.0.0.1' resolves to '127.0.0.1';
140420 22:42:58 [Note] Server socket created on IP: '127.0.0.1'.
140420 22:42:58 [ERROR] /usr/sbin/mysqld: Can't find file: './mysql/Host.frm' (errno: 13)
140420 22:42:58 [ERROR] Fatal error: Can't open and lock privilege tables: Can't find file: './mysql/Host.frm' (errno: 13)
140420 22:42:58 [Warning] Using unique option prefix myisam-recover instead of myisam-recover-options is deprecated and will be removed in a future release. Please use the full name instead.
140420 22:42:58 [Note] Plugin 'FEDERATED' is disabled.
/usr/sbin/mysqld: Can't find file: './mysql/plugin.frm' (errno: 13)
140420 22:42:58 [ERROR] Can't open the mysql.plugin table. Please run mysql_upgrade to create it.
140420 22:42:58 InnoDB: The InnoDB memory heap is disabled
140420 22:42:58 InnoDB: Mutexes and rw_locks use GCC atomic builtins
140420 22:42:58 InnoDB: Compressed tables use zlib 1.2.8
140420 22:42:58 InnoDB: Using Linux native AIO
140420 22:42:58 InnoDB: Initializing buffer pool, size = 128.0M
140420 22:42:58 InnoDB: Completed initialization of buffer pool
140420 22:42:59 InnoDB: highest supported file format is Barracuda.
140420 22:42:59  InnoDB: Waiting for the background threads to start
140420 22:43:00 InnoDB: 5.5.35 started; log sequence number 242217316
140420 22:43:00 [Note] Server hostname (bind-address): '127.0.0.1'; port: 3306
140420 22:43:00 [Note]   - '127.0.0.1' resolves to '127.0.0.1';
140420 22:43:00 [Note] Server socket created on IP: '127.0.0.1'.
140420 22:43:00 [ERROR] /usr/sbin/mysqld: Can't find file: './mysql/Host.frm' (errno: 13)
140420 22:43:00 [ERROR] Fatal error: Can't open and lock privilege tables: Can't find file: './mysql/Host.frm' (errno: 13)
140420 22:43:01 [Warning] Using unique option prefix myisam-recover instead of myisam-recover-options is deprecated and will be removed in a future release. Please use the full name instead.
140420 22:43:01 [Note] Plugin 'FEDERATED' is disabled.
/usr/sbin/mysqld: Can't find file: './mysql/plugin.frm' (errno: 13)
140420 22:43:01 [ERROR] Can't open the mysql.plugin table. Please run mysql_upgrade to create it.
140420 22:43:01 InnoDB: The InnoDB memory heap is disabled
140420 22:43:01 InnoDB: Mutexes and rw_locks use GCC atomic builtins
140420 22:43:01 InnoDB: Compressed tables use zlib 1.2.8
140420 22:43:01 InnoDB: Using Linux native AIO
140420 22:43:01 InnoDB: Initializing buffer pool, size = 128.0M
140420 22:43:01 InnoDB: Completed initialization of buffer pool
140420 22:43:01 InnoDB: highest supported file format is Barracuda.
140420 22:43:01  InnoDB: Waiting for the background threads to start
140420 22:43:02 InnoDB: 5.5.35 started; log sequence number 242217316
140420 22:43:02 [Note] Server hostname (bind-address): '127.0.0.1'; port: 3306
140420 22:43:02 [Note]   - '127.0.0.1' resolves to '127.0.0.1';
140420 22:43:02 [Note] Server socket created on IP: '127.0.0.1'.
140420 22:43:02 [ERROR] /usr/sbin/mysqld: Can't find file: './mysql/Host.frm' (errno: 13)
140420 22:43:02 [ERROR] Fatal error: Can't open and lock privilege tables: Can't find file: './mysql/Host.frm' (errno: 13)
3
Alex Burdusel

This is a permissions problem and not an AppArmor problem.

AppArmor works in conjunction with DAC permissions.

AppArmor provides an additional permission check on top of DAC. DAC is always checked in addition to the AppArmor permission checks. As such, AppArmor cannot override DAC to provide more access than would normally be allowed.

See http://wiki.apparmor.net/index.php/QuickProfileLanguage#How_AppArmor_file_permissions_differ_from_DAC

2
Panther
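
Because both layers must allow an access, an errno 13 like the one in the log above can be narrowed down by checking each layer separately. The script below is an added example, not part of the original thread: the function names `apparmor_denials` and `dac_blocks` are hypothetical, the audit lines are constructed samples, and GNU `stat` is assumed.

```shell
#!/bin/sh
# Added example (not from the original thread): find out which layer
# returns errno 13 (EACCES) for a relocated MySQL data directory.

# Constructed sample of kernel audit lines; on a real host read them from
# the kernel log (dmesg, /var/log/kern.log or /var/log/syslog).
SAMPLE_LOG='audit: type=1400 audit(1398022976.101:31): apparmor="DENIED" operation="open" profile="/usr/sbin/mysqld" name="/home/db/mysql/mysql/plugin.frm" pid=2101 comm="mysqld" requested_mask="r" denied_mask="r" fsuid=106 ouid=106
audit: type=1400 audit(1398022977.202:32): apparmor="DENIED" operation="open" profile="/usr/sbin/tcpdump" name="/etc/hosts" pid=2150 comm="tcpdump" requested_mask="r" denied_mask="r" fsuid=0 ouid=0'

# Layer 1, AppArmor: print "<path> <denied_mask>" for each denial logged
# against the given profile. No output means AppArmor did not refuse it.
apparmor_denials() {
    printf '%s\n' "$1" | grep 'apparmor="DENIED"' | grep -F "profile=\"$2\"" |
        sed -n 's/.* name="\([^"]*\)".* denied_mask="\([^"]*\)".*/\1 \2/p'
}

# Layer 2, DAC: print every directory on the way to an absolute path that
# the given uid (with the given gid list) cannot search. Mode bits only:
# ACLs and root's capabilities are ignored. Pass the real path, not a symlink.
dac_blocks() (
    rest=${1#/}; uid=$2; gids=" $3 "; cur=""; found=0
    while [ -n "$rest" ]; do
        cur="$cur/${rest%%/*}"
        case $rest in */*) rest=${rest#*/} ;; *) rest="" ;; esac
        [ -d "$cur" ] || continue
        set -- $(stat -c '%a %u %g' "$cur")     # octal mode, owner uid, gid
        mode=$((0$1))
        bit=1                                   # default: "other" x (0001)
        case $gids in *" $3 "*) bit=8 ;; esac   # group x (0010)
        if [ "$2" = "$uid" ]; then bit=64; fi   # owner x (0100) wins
        if [ $((mode & bit)) -eq 0 ]; then echo "$cur"; found=1; fi
    done
    return $found
)

# Demo on the constructed log: only the mysqld denial is reported.
apparmor_denials "$SAMPLE_LOG" /usr/sbin/mysqld

# On the layout from the question, the DAC check would be run as:
#   dac_blocks /home/db/mysql "$(id -u mysql)" "$(id -G mysql)"
```

If `dac_blocks` lists a directory while the kernel log shows no AppArmor denial for the mysqld profile, the refusal comes from ordinary file permissions, which no profile rule can lift.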