Как я могу восстановить apparmor настройки для/var/lib/mysql?
Я должен был остановить mysql сервис, сдуть /var/lib/mysql, затем воссозданный это с копией /var/lib/mysql от удаленного сервера. Такое опрометчивое действие было в порядке, чтобы... "импортировать"?... действительно огромная база данных быстро.
Теперь я не могу перезапустить mysql из-за apparmor и являюсь первым разом, когда я когда-либо знал об этом.
Когда попытка запустить mysql сервис снова, что я вижу, является этим:
developer@developer-Inspiron-5559:~$ sudo service mysql start
Job for mysql.service failed because the control process exited with error code. See "systemctl status mysql.service" and "journalctl -xe" for details.
developer@developer-Inspiron-5559:~$ journalctl -xe
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit mysql.service has failed.
--
-- The result is failed.
ene 02 18:05:34 developer-Inspiron-5559 systemd[1]: mysql.service: Unit entered failed state.
ene 02 18:05:34 developer-Inspiron-5559 systemd[1]: mysql.service: Failed with result 'exit-code'.
ene 02 18:05:35 developer-Inspiron-5559 systemd[1]: mysql.service: Service hold-off time over, scheduling restart.
ene 02 18:05:35 developer-Inspiron-5559 systemd[1]: Stopped MySQL Community Server.
-- Subject: Unit mysql.service has finished shutting down
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit mysql.service has finished shutting down.
ene 02 18:05:35 developer-Inspiron-5559 systemd[1]: Starting MySQL Community Server...
-- Subject: Unit mysql.service has begun start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit mysql.service has begun starting up.
ene 02 18:05:35 developer-Inspiron-5559 audit[23831]: AVC apparmor="DENIED" operation="open" profile="/usr/sbin/mysqld" name="/proc/23831/status" pid=23831 comm="mysqld" requested_mask="r" denied_mask="r"
ene 02 18:05:35 developer-Inspiron-5559 audit[23831]: AVC apparmor="DENIED" operation="open" profile="/usr/sbin/mysqld" name="/sys/devices/system/node/" pid=23831 comm="mysqld" requested_mask="r" denied_m
ene 02 18:05:35 developer-Inspiron-5559 audit[23831]: AVC apparmor="DENIED" operation="open" profile="/usr/sbin/mysqld" name="/proc/23831/status" pid=23831 comm="mysqld" requested_mask="r" denied_mask="r"
ene 02 18:05:35 developer-Inspiron-5559 kernel: audit: type=1400 audit(1514934335.367:51): apparmor="DENIED" operation="open" profile="/usr/sbin/mysqld" name="/proc/23831/status" pid=23831 comm="mysqld" r
ene 02 18:05:35 developer-Inspiron-5559 kernel: audit: type=1400 audit(1514934335.367:52): apparmor="DENIED" operation="open" profile="/usr/sbin/mysqld" name="/sys/devices/system/node/" pid=23831 comm="my
ene 02 18:05:35 developer-Inspiron-5559 kernel: audit: type=1400 audit(1514934335.367:53): apparmor="DENIED" operation="open" profile="/usr/sbin/mysqld" name="/proc/23831/status" pid=23831 comm="mysqld" r
ene 02 18:05:36 developer-Inspiron-5559 systemd[1]: mysql.service: Main process exited, code=exited, status=1/FAILURE
ene 02 18:06:03 developer-Inspiron-5559 sudo[23927]: developer : TTY=pts/18 ; PWD=/home/developer ; USER=root ; COMMAND=/usr/sbin/service mysql start
ene 02 18:06:03 developer-Inspiron-5559 sudo[23927]: pam_unix(sudo:session): session opened for user root by (uid=0)
ene 02 18:06:05 developer-Inspiron-5559 systemd[1]: Failed to start MySQL Community Server.
-- Subject: Unit mysql.service has failed
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit mysql.service has failed.
--
-- The result is failed.
ene 02 18:06:05 developer-Inspiron-5559 systemd[1]: mysql.service: Unit entered failed state.
ene 02 18:06:05 developer-Inspiron-5559 systemd[1]: mysql.service: Failed with result 'exit-code'.
ene 02 18:06:05 developer-Inspiron-5559 sudo[23927]: pam_unix(sudo:session): session closed for user root
ene 02 18:06:06 developer-Inspiron-5559 systemd[1]: mysql.service: Service hold-off time over, scheduling restart.
ene 02 18:06:06 developer-Inspiron-5559 systemd[1]: Stopped MySQL Community Server.
-- Subject: Unit mysql.service has finished shutting down
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit mysql.service has finished shutting down.
ene 02 18:06:06 developer-Inspiron-5559 systemd[1]: Starting MySQL Community Server...
-- Subject: Unit mysql.service has begun start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit mysql.service has begun starting up.
ene 02 18:06:06 developer-Inspiron-5559 audit[23982]: AVC apparmor="DENIED" operation="open" profile="/usr/sbin/mysqld" name="/proc/23982/status" pid=23982 comm="mysqld" requested_mask="r" denied_mask="r"
ene 02 18:06:06 developer-Inspiron-5559 audit[23982]: AVC apparmor="DENIED" operation="open" profile="/usr/sbin/mysqld" name="/sys/devices/system/node/" pid=23982 comm="mysqld" requested_mask="r" denied_m
ene 02 18:06:06 developer-Inspiron-5559 audit[23982]: AVC apparmor="DENIED" operation="open" profile="/usr/sbin/mysqld" name="/proc/23982/status" pid=23982 comm="mysqld" requested_mask="r" denied_mask="r"
ene 02 18:06:06 developer-Inspiron-5559 kernel: audit: type=1400 audit(1514934366.079:54): apparmor="DENIED" operation="open" profile="/usr/sbin/mysqld" name="/proc/23982/status" pid=23982 comm="mysqld" r
ene 02 18:06:06 developer-Inspiron-5559 kernel: audit: type=1400 audit(1514934366.079:55): apparmor="DENIED" operation="open" profile="/usr/sbin/mysqld" name="/sys/devices/system/node/" pid=23982 comm="my
ene 02 18:06:06 developer-Inspiron-5559 kernel: audit: type=1400 audit(1514934366.079:56): apparmor="DENIED" operation="open" profile="/usr/sbin/mysqld" name="/proc/23982/status" pid=23982 comm="mysqld" r
ene 02 18:06:06 developer-Inspiron-5559 systemd[1]: mysql.service: Main process exited, code=exited, status=1/FAILURE
Так, после аварии, как я могу заставить apparmor позволить снова mysql доступу тот каталог?
Редактирование также попробовали (как предложил оракул) этого:
sudo nano /etc/apparmor.d/local/usr.sbin.mysqld
Содержание:
# Site-specific additions and overrides for usr.sbin.mysqld.
# For more details, please see /etc/apparmor.d/local/README.
/var/lib/mysql/ r,
/var/lib/mysql/** rwk,
И после сохранения...
$ sudo service apparmor reload
$ sudo service mysql restart
0
задан muru
3 January 2018 в 21:09
поделиться