AppArmor denies changes in mysqld.cnf

On an Ubuntu 16.04.3 LTS instance with AppArmor enabled, I ran into the following MySQL problem.

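The problem occurs when I change MySQL's bind-address to anything other than 127.0.0.X and restart MySQL. If I change the setting, MySQL will restart. The logs clearly show that AppArmor has detected the change and will not accept it, but how do I get AppArmor to accept my change without affecting the security model?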

I tried changing the cnf file from different locations, but the result is the same either way. This particular log output is from changing /etc/mysql/mysql.conf.d/mysqld.cnf

Console output on restart

    root@MyServer:~# service mysql restart
    Job for mysql.service failed because the control process exited with error code. See "systemctl status mysql.service" and "journalctl -xe" for details.

Journalctl output

    root@MyServer:~# journalctl -xe
    -- Defined-By: systemd
    -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
    --
    -- Unit mysql.service has finished shutting down.
    Oct 23 19:34:20 MyServer systemd[1]: Starting MySQL Community Server...
    -- Subject: Unit mysql.service has begun start-up
    -- Defined-By: systemd
    -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
    --
    -- Unit mysql.service has begun starting up.
    Oct 23 19:34:20 MyServer kernel: audit_printk_skb: 12 callbacks suppressed
    Oct 23 19:34:20 MyServer kernel: audit: type=1400 audit(1508787260.641:135): apparmor="DENIED" operation="open" profile="/usr/sbin/mysqld" name="/proc/7278/status" pid=7278 comm="mysqld" requested_mask="r" denied_mask="r" fsuid=113 ouid=113
    Oct 23 19:34:20 MyServer audit[7278]: AVC apparmor="DENIED" operation="open" profile="/usr/sbin/mysqld" name="/proc/7278/status" pid=7278 comm="mysqld" requested_mask="r" denied_mask="r" fsuid=113 ouid=113
    Oct 23 19:34:20 MyServer audit[7278]: AVC apparmor="DENIED" operation="open" profile="/usr/sbin/mysqld" name="/sys/devices/system/node/" pid=7278 comm="mysqld" requested_mask="r" denied_mask="r" fsuid=113 ouid=0
    Oct 23 19:34:20 MyServer audit[7278]: AVC apparmor="DENIED" operation="open" profile="/usr/sbin/mysqld" name="/proc/7278/status" pid=7278 comm="mysqld" requested_mask="r" denied_mask="r" fsuid=113 ouid=113
    Oct 23 19:34:20 MyServer kernel: audit: type=1400 audit(1508787260.653:136): apparmor="DENIED" operation="open" profile="/usr/sbin/mysqld" name="/sys/devices/system/node/" pid=7278 comm="mysqld" requested_mask="r" denied_mask="r" fsuid=113 ouid=0
    Oct 23 19:34:20 MyServer kernel: audit: type=1400 audit(1508787260.653:137): apparmor="DENIED" operation="open" profile="/usr/sbin/mysqld" name="/proc/7278/status" pid=7278 comm="mysqld" requested_mask="r" denied_mask="r" fsuid=113 ouid=113
    Oct 23 19:34:22 MyServer systemd[1]: mysql.service: Main process exited, code=exited, status=1/FAILURE
    Oct 23 19:34:46 MyServer kernel: [UFW BLOCK] IN=eth0 OUT= MAC=ba:3f:d6:c5:XX:XX:f4:a7:39:d7:XX:XX:XX:XX SRC=XX.XX.XX.XX DST=XXX.XXX.XX.XX LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=36512 PROTO=TCP SPT=46090 DPT=3128 WINDOW=1024 RES=0x00 SYN URGP=0
    Oct 23 19:34:46 MyServer kernel: IN=eth0 OUT= MAC=ba:3f:d6:c5:XX:XX:f4:a7:39:d7:XX:XX:XX:XX SRC=XX.XX.XX.XX DST=XXX.XXX.XX.XX LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=36512 PROTO=TCP SPT=46090 DPT=3128 WINDOW=1024 RES=0x00 SYN URGP=0
    Oct 23 19:34:50 MyServer systemd[1]: Failed to start MySQL Community Server.
    -- Subject: Unit mysql.service has failed
    -- Defined-By: systemd
    -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
    --
    -- Unit mysql.service has failed.
    --
    -- The result is failed.
    Oct 23 19:34:50 MyServer systemd[1]: mysql.service: Unit entered failed state.
    Oct 23 19:34:50 MyServer systemd[1]: mysql.service: Failed with result 'exit-code'.
    Oct 23 19:34:51 MyServer systemd[1]: mysql.service: Service hold-off time over, scheduling restart.
    Oct 23 19:34:51 MyServer systemd[1]: Stopped MySQL Community Server.
    -- Subject: Unit mysql.service has finished shutting down
    -- Defined-By: systemd
    -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
    --
    -- Unit mysql.service has finished shutting down.
    Oct 23 19:34:51 MyServer systemd[1]: Starting MySQL Community Server...
    -- Subject: Unit mysql.service has begun start-up
    -- Defined-By: systemd
    -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
    --
    -- Unit mysql.service has begun starting up.
    Oct 23 19:34:51 MyServer audit[7381]: AVC apparmor="DENIED" operation="open" profile="/usr/sbin/mysqld" name="/proc/7381/status" pid=7381 comm="mysqld" requested_mask="r" denied_mask="r" fsuid=113 ouid=113
    Oct 23 19:34:51 MyServer kernel: audit: type=1400 audit(1508787291.145:138): apparmor="DENIED" operation="open" profile="/usr/sbin/mysqld" name="/proc/7381/status" pid=7381 comm="mysqld" requested_mask="r" denied_mask="r" fsuid=113 ouid=113
    Oct 23 19:34:51 MyServer audit[7381]: AVC apparmor="DENIED" operation="open" profile="/usr/sbin/mysqld" name="/sys/devices/system/node/" pid=7381 comm="mysqld" requested_mask="r" denied_mask="r" fsuid=113 ouid=0
    Oct 23 19:34:51 MyServer audit[7381]: AVC apparmor="DENIED" operation="open" profile="/usr/sbin/mysqld" name="/proc/7381/status" pid=7381 comm="mysqld" requested_mask="r" denied_mask="r" fsuid=113 ouid=113
    Oct 23 19:34:51 MyServer kernel: audit: type=1400 audit(1508787291.149:139): apparmor="DENIED" operation="open" profile="/usr/sbin/mysqld" name="/sys/devices/system/node/" pid=7381 comm="mysqld" requested_mask="r" denied_mask="r" fsuid=113 ouid=0
    Oct 23 19:34:51 MyServer kernel: audit: type=1400 audit(1508787291.149:140): apparmor="DENIED" operation="open" profile="/usr/sbin/mysqld" name="/proc/7381/status" pid=7381 comm="mysqld" requested_mask="r" denied_mask="r" fsuid=113 ouid=113
    Oct 23 19:34:53 MyServer systemd[1]: mysql.service: Main process exited, code=exited, status=1/FAILURE