MySQL on Ubuntu 14.04: AppArmor permissions problem for the data directory

I have been using MySQL with a different location for the database data since Ubuntu 12.04, and I had no problems. My configuration was as follows:

  • Data in /home/db/mysql
  • Link at the default location: sudo ln -s /home/db/mysql /var/lib/mysql
  • Added /home/db/** rwk, to /etc/apparmor.d/usr.sbin.mysqld

It worked fine until Ubuntu 14.04. I have struggled all day, but I cannot get it to work.

It looks like AppArmor is not granting the requested permissions to MySQL on the /home/db folder, because if I do chmod 777 -R /home/db, it works.

Otherwise I get this:

$ sudo service mysql start
start: Job failed to start

And the log:

140420 22:42:56 [Warning] Using unique option prefix myisam-recover instead of myisam-recover-options is deprecated and will be removed in a future release. Please use the full name instead.
140420 22:42:56 [Note] Plugin 'FEDERATED' is disabled.
/usr/sbin/mysqld: Can't find file: './mysql/plugin.frm' (errno: 13)
140420 22:42:56 [ERROR] Can't open the mysql.plugin table. Please run mysql_upgrade to create it.
140420 22:42:56 InnoDB: The InnoDB memory heap is disabled
140420 22:42:56 InnoDB: Mutexes and rw_locks use GCC atomic builtins
140420 22:42:56 InnoDB: Compressed tables use zlib 1.2.8
140420 22:42:56 InnoDB: Using Linux native AIO
140420 22:42:56 InnoDB: Initializing buffer pool, size = 128.0M
140420 22:42:56 InnoDB: Completed initialization of buffer pool
140420 22:42:56 InnoDB: highest supported file format is Barracuda.
140420 22:42:57  InnoDB: Waiting for the background threads to start
140420 22:42:58 InnoDB: 5.5.35 started; log sequence number 242217316
140420 22:42:58 [Note] Server hostname (bind-address): '127.0.0.1'; port: 3306
140420 22:42:58 [Note]   - '127.0.0.1' resolves to '127.0.0.1';
140420 22:42:58 [Note] Server socket created on IP: '127.0.0.1'.
140420 22:42:58 [ERROR] /usr/sbin/mysqld: Can't find file: './mysql/host.frm' (errno: 13)
140420 22:42:58 [ERROR] Fatal error: Can't open and lock privilege tables: Can't find file: './mysql/host.frm' (errno: 13)
140420 22:42:58 [Warning] Using unique option prefix myisam-recover instead of myisam-recover-options is deprecated and will be removed in a future release. Please use the full name instead.
140420 22:42:58 [Note] Plugin 'FEDERATED' is disabled.
/usr/sbin/mysqld: Can't find file: './mysql/plugin.frm' (errno: 13)
140420 22:42:58 [ERROR] Can't open the mysql.plugin table. Please run mysql_upgrade to create it.
140420 22:42:58 InnoDB: The InnoDB memory heap is disabled
140420 22:42:58 InnoDB: Mutexes and rw_locks use GCC atomic builtins
140420 22:42:58 InnoDB: Compressed tables use zlib 1.2.8
140420 22:42:58 InnoDB: Using Linux native AIO
140420 22:42:58 InnoDB: Initializing buffer pool, size = 128.0M
140420 22:42:58 InnoDB: Completed initialization of buffer pool
140420 22:42:59 InnoDB: highest supported file format is Barracuda.
140420 22:42:59  InnoDB: Waiting for the background threads to start
140420 22:43:00 InnoDB: 5.5.35 started; log sequence number 242217316
140420 22:43:00 [Note] Server hostname (bind-address): '127.0.0.1'; port: 3306
140420 22:43:00 [Note]   - '127.0.0.1' resolves to '127.0.0.1';
140420 22:43:00 [Note] Server socket created on IP: '127.0.0.1'.
140420 22:43:00 [ERROR] /usr/sbin/mysqld: Can't find file: './mysql/host.frm' (errno: 13)
140420 22:43:00 [ERROR] Fatal error: Can't open and lock privilege tables: Can't find file: './mysql/host.frm' (errno: 13)
140420 22:43:01 [Warning] Using unique option prefix myisam-recover instead of myisam-recover-options is deprecated and will be removed in a future release. Please use the full name instead.
140420 22:43:01 [Note] Plugin 'FEDERATED' is disabled.
/usr/sbin/mysqld: Can't find file: './mysql/plugin.frm' (errno: 13)
140420 22:43:01 [ERROR] Can't open the mysql.plugin table. Please run mysql_upgrade to create it.
140420 22:43:01 InnoDB: The InnoDB memory heap is disabled
140420 22:43:01 InnoDB: Mutexes and rw_locks use GCC atomic builtins
140420 22:43:01 InnoDB: Compressed tables use zlib 1.2.8
140420 22:43:01 InnoDB: Using Linux native AIO
140420 22:43:01 InnoDB: Initializing buffer pool, size = 128.0M
140420 22:43:01 InnoDB: Completed initialization of buffer pool
140420 22:43:01 InnoDB: highest supported file format is Barracuda.
140420 22:43:01  InnoDB: Waiting for the background threads to start
140420 22:43:02 InnoDB: 5.5.35 started; log sequence number 242217316
140420 22:43:02 [Note] Server hostname (bind-address): '127.0.0.1'; port: 3306
140420 22:43:02 [Note]   - '127.0.0.1' resolves to '127.0.0.1';
140420 22:43:02 [Note] Server socket created on IP: '127.0.0.1'.
140420 22:43:02 [ERROR] /usr/sbin/mysqld: Can't find file: './mysql/host.frm' (errno: 13)
140420 22:43:02 [ERROR] Fatal error: Can't open and lock privilege tables: Can't find file: './mysql/host.frm' (errno: 13)
3
asked 20 April 2014 at 23:46

1 answer

This is a permissions problem and not an AppArmor problem.

AppArmor works in conjunction with DAC permissions.

AppArmor provides an additional permission check on top of DAC. DAC is always checked in addition to the AppArmor permission checks. As such, AppArmor cannot override DAC to provide more access than what would normally be allowed.

See http://wiki.apparmor.net/index.php/QuickProfileLanguage#How_AppArmor_file_permissions_differ_from_DAC

0
answered 20 April 2014 at 23:46
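
Because DAC is evaluated independently of the AppArmor profile, the mode bits along the resolved data path can be checked on their own. The following is an added example, not part of the original answer: `dac_check` is a hypothetical helper that assumes GNU `stat` and `readlink` and ignores supplementary groups and ACLs.

```shell
#!/bin/sh
# Added example (not from the original post): report every path component
# whose DAC mode bits deny the given uid/gid, independent of AppArmor.
# Assumptions: GNU stat/readlink; supplementary groups and ACLs are ignored.

# dac_check UID GID PATH
# Prints "DENY <component> ..." for each blocking component.
# Returns 0 if DAC allows access, 1 if a component denies it,
# 2 if a component cannot be stat'ed.
dac_check() {
    uid=$1 gid=$2
    # Resolve symlinks first (e.g. /var/lib/mysql -> /home/db/mysql) so the
    # real directories are the ones that get checked.
    real=$(readlink -f -- "$3") || { echo "NOSTAT $3"; return 2; }
    rc=0 cur=
    set -f; old_ifs=$IFS; IFS=/
    set -- $real
    IFS=$old_ifs; set +f
    for part in "$@"; do
        [ -n "$part" ] || continue
        cur="$cur/$part"
        st=$(stat -c '%a %u %g' -- "$cur") || { echo "NOSTAT $cur"; return 2; }
        mode=${st%% *}; st=${st#* }; owner=${st% *}; group=${st#* }
        # Parent directories need search (x); the data directory itself
        # needs rwx, a final regular file needs rw.
        need=1
        if [ "$cur" = "$real" ]; then
            if [ -d "$cur" ]; then need=7; else need=6; fi
        fi
        perm=$((0$mode))
        # The kernel picks exactly one class: owner, else group, else other.
        if [ "$owner" -eq "$uid" ]; then have=$(( (perm >> 6) & 7 ))
        elif [ "$group" -eq "$gid" ]; then have=$(( (perm >> 3) & 7 ))
        else have=$(( perm & 7 )); fi
        if [ $(( have & need )) -ne "$need" ]; then
            echo "DENY $cur mode=$mode owner=$owner:$group need=$need have=$have"
            rc=1
        fi
    done
    return $rc
}
```

Run it as root so every component can be stat'ed, for example `dac_check "$(id -u mysql)" "$(id -g mysql)" /var/lib/mysql`. If it prints nothing and mysqld still fails with errno 13, look for `apparmor="DENIED"` entries in the kernel log instead.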
