Ubuntu: How can I restore the apparmor settings for /var/lib/mysql?



Question:

I had to stop the mysql service, blow away the /var/lib/mysql, then recreated it with a copy of /var/lib/mysql from a remote server. Such reckless action was in order to ... "import"? ... a really huge database quickly.

Now I cannot restart mysql due to apparmor, and is the first time I ever knew about it.

When trying to start the mysql service again, what I see is this:

developer@developer-Inspiron-5559:~$ sudo service mysql start  Job for mysql.service failed because the control process exited with error code. See "systemctl status mysql.service" and "journalctl -xe" for details.  developer@developer-Inspiron-5559:~$ journalctl -xe  -- Defined-By: systemd  -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel  --   -- Unit mysql.service has failed.  --   -- The result is failed.  ene 02 18:05:34 developer-Inspiron-5559 systemd[1]: mysql.service: Unit entered failed state.  ene 02 18:05:34 developer-Inspiron-5559 systemd[1]: mysql.service: Failed with result 'exit-code'.  ene 02 18:05:35 developer-Inspiron-5559 systemd[1]: mysql.service: Service hold-off time over, scheduling restart.  ene 02 18:05:35 developer-Inspiron-5559 systemd[1]: Stopped MySQL Community Server.  -- Subject: Unit mysql.service has finished shutting down  -- Defined-By: systemd  -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel  --   -- Unit mysql.service has finished shutting down.  ene 02 18:05:35 developer-Inspiron-5559 systemd[1]: Starting MySQL Community Server...  -- Subject: Unit mysql.service has begun start-up  -- Defined-By: systemd  -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel  --   -- Unit mysql.service has begun starting up.  ene 02 18:05:35 developer-Inspiron-5559 audit[23831]: AVC apparmor="DENIED" operation="open" profile="/usr/sbin/mysqld" name="/proc/23831/status" pid=23831 comm="mysqld" requested_mask="r" denied_mask="r"  ene 02 18:05:35 developer-Inspiron-5559 audit[23831]: AVC apparmor="DENIED" operation="open" profile="/usr/sbin/mysqld" name="/sys/devices/system/node/" pid=23831 comm="mysqld" requested_mask="r" denied_m  ene 02 18:05:35 developer-Inspiron-5559 audit[23831]: AVC apparmor="DENIED" operation="open" profile="/usr/sbin/mysqld" name="/proc/23831/status" pid=23831 comm="mysqld" requested_mask="r" denied_mask="r"  ene 02 18:05:35 developer-Inspiron-5559 kernel: audit: type=1400 audit(1514934335.367:51): apparmor="DENIED" operation="open" profile="/usr/sbin/mysqld" name="/proc/23831/status" pid=23831 comm="mysqld" r  ene 02 18:05:35 developer-Inspiron-5559 kernel: audit: type=1400 audit(1514934335.367:52): apparmor="DENIED" operation="open" profile="/usr/sbin/mysqld" name="/sys/devices/system/node/" pid=23831 comm="my  ene 02 18:05:35 developer-Inspiron-5559 kernel: audit: type=1400 audit(1514934335.367:53): apparmor="DENIED" operation="open" profile="/usr/sbin/mysqld" name="/proc/23831/status" pid=23831 comm="mysqld" r  ene 02 18:05:36 developer-Inspiron-5559 systemd[1]: mysql.service: Main process exited, code=exited, status=1/FAILURE  ene 02 18:06:03 developer-Inspiron-5559 sudo[23927]: developer : TTY=pts/18 ; PWD=/home/developer ; USER=root ; COMMAND=/usr/sbin/service mysql start  ene 02 18:06:03 developer-Inspiron-5559 sudo[23927]: pam_unix(sudo:session): session opened for user root by (uid=0)  ene 02 18:06:05 developer-Inspiron-5559 systemd[1]: Failed to start MySQL Community Server.  -- Subject: Unit mysql.service has failed  -- Defined-By: systemd  -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel  --   -- Unit mysql.service has failed.  --   -- The result is failed.  ene 02 18:06:05 developer-Inspiron-5559 systemd[1]: mysql.service: Unit entered failed state.  ene 02 18:06:05 developer-Inspiron-5559 systemd[1]: mysql.service: Failed with result 'exit-code'.  ene 02 18:06:05 developer-Inspiron-5559 sudo[23927]: pam_unix(sudo:session): session closed for user root  ene 02 18:06:06 developer-Inspiron-5559 systemd[1]: mysql.service: Service hold-off time over, scheduling restart.  ene 02 18:06:06 developer-Inspiron-5559 systemd[1]: Stopped MySQL Community Server.  -- Subject: Unit mysql.service has finished shutting down  -- Defined-By: systemd  -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel  --   -- Unit mysql.service has finished shutting down.  ene 02 18:06:06 developer-Inspiron-5559 systemd[1]: Starting MySQL Community Server...  -- Subject: Unit mysql.service has begun start-up  -- Defined-By: systemd  -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel  --   -- Unit mysql.service has begun starting up.  ene 02 18:06:06 developer-Inspiron-5559 audit[23982]: AVC apparmor="DENIED" operation="open" profile="/usr/sbin/mysqld" name="/proc/23982/status" pid=23982 comm="mysqld" requested_mask="r" denied_mask="r"  ene 02 18:06:06 developer-Inspiron-5559 audit[23982]: AVC apparmor="DENIED" operation="open" profile="/usr/sbin/mysqld" name="/sys/devices/system/node/" pid=23982 comm="mysqld" requested_mask="r" denied_m  ene 02 18:06:06 developer-Inspiron-5559 audit[23982]: AVC apparmor="DENIED" operation="open" profile="/usr/sbin/mysqld" name="/proc/23982/status" pid=23982 comm="mysqld" requested_mask="r" denied_mask="r"  ene 02 18:06:06 developer-Inspiron-5559 kernel: audit: type=1400 audit(1514934366.079:54): apparmor="DENIED" operation="open" profile="/usr/sbin/mysqld" name="/proc/23982/status" pid=23982 comm="mysqld" r  ene 02 18:06:06 developer-Inspiron-5559 kernel: audit: type=1400 audit(1514934366.079:55): apparmor="DENIED" operation="open" profile="/usr/sbin/mysqld" name="/sys/devices/system/node/" pid=23982 comm="my  ene 02 18:06:06 developer-Inspiron-5559 kernel: audit: type=1400 audit(1514934366.079:56): apparmor="DENIED" operation="open" profile="/usr/sbin/mysqld" name="/proc/23982/status" pid=23982 comm="mysqld" r  ene 02 18:06:06 developer-Inspiron-5559 systemd[1]: mysql.service: Main process exited, code=exited, status=1/FAILURE  

So, after the disaster, how can I make apparmor allow again mysql accessing that directory?

Edit also tried (as suggested by oracle) this one:

sudo nano /etc/apparmor.d/local/usr.sbin.mysqld  

Content:

# Site-specific additions and overrides for usr.sbin.mysqld.  # For more details, please see /etc/apparmor.d/local/README.  /var/lib/mysql/ r,  /var/lib/mysql/** rwk,  

And after saving...

$ sudo service apparmor reload    $ sudo service mysql restart  

Note:If u also have question or solution just comment us below or mail us on toontricks1994@gmail.com
Previous
Next Post »