web-dev-qa-db-fra.com

Erreur de l'analyseur AppArmor pour mysqld

J'ai essayé de changer le répertoire de données MySQL vers un nouvel emplacement.

J'ai donc changé le fichier de configuration MySQL

/etc/mysql/mysql.conf.d/mysqld.cnf

et le fichier apparmor

/etc/apparmor.d/usr.sbin.mysqld

Malheureusement, cela n'a pas fonctionné et j'ai eu l'erreur suivante:

mysqld: Can't change dir to '/new/dir/mysql/' (Errcode: 13 - Permission denied)

J'ai réinstallé mysql et apparmor. Depuis lors même pas apparmor ne fonctionne plus. Je reçois les messages suivants:

Messages d'erreur:

root@Server:~# systemctl status apparmor.service
● apparmor.service - LSB: AppArmor initialization
   Loaded: loaded (/etc/init.d/apparmor; bad; vendor preset: enabled)
   Active: failed (Result: exit-code) since Fri 2018-08-24 09:24:24 CEST; 1min 41s ago
     Docs: man:systemd-sysv-generator(8)
  Process: 19955 ExecStart=/etc/init.d/apparmor start (code=exited, status=123)

Aug 24 09:24:24 Server apparmor[19955]: AppArmor parser error for /etc/apparmor.d/usr.lib.dovecot.dict in /etc/apparmor.d/abstractions/nameservice at line 16: missing an end of line character? (entry: /usr/share/mysql/charsets/*.xml)
Aug 24 09:24:24 Server apparmor[19955]: AppArmor parser error for /etc/apparmor.d/usr.lib.snapd.snap-confine.real in /etc/apparmor.d/usr.lib.snapd.snap-confine.real at line 11: Could not open '/var/lib/snapd/apparmor/snap-confine'
Aug 24 09:24:24 Server apparmor[19955]: AppArmor parser error for /etc/apparmor.d/usr.sbin.dovecot in /etc/apparmor.d/abstractions/nameservice at line 16: missing an end of line character? (entry: /usr/share/mysql/charsets/*.xml)
Aug 24 09:24:24 Server apparmor[19955]: Skipping profile in /etc/apparmor.d/disable: usr.sbin.rsyslogd
Aug 24 09:24:24 Server apparmor[19955]: AppArmor parser error for /etc/apparmor.d/usr.sbin.mysqld in /etc/apparmor.d/abstractions/winbind at line 13: missing an end of line character? (entry: /usr/share/mysql/charsets/*.xml)
Aug 24 09:24:24 Server apparmor[19955]:    ...fail!
Aug 24 09:24:24 Server systemd[1]: apparmor.service: Control process exited, code=exited status=123
Aug 24 09:24:24 Server systemd[1]: Failed to start LSB: AppArmor initialization.
Aug 24 09:24:24 Server systemd[1]: apparmor.service: Unit entered failed state.
Aug 24 09:24:24 Server systemd[1]: apparmor.service: Failed with result 'exit-code'.

J'ai essayé de réparer ces erreurs pendant des heures. Mais maintenant, je n'ai plus aucune idée. Des suggestions quel pourrait être le problème?

EDIT: Contenu du fichier usr.sbin.mysqld

cat /etc/apparmor.d/usr.sbin.mysqld

# vim:syntax=apparmor
# Last Modified: Tue Feb 09 15:28:30 2016
#include <tunables/global>

/usr/sbin/mysqld flags=(complain) {
  #include <abstractions/base>
  #include <abstractions/nameservice>
  #include <abstractions/user-tmp>
  #include <abstractions/mysql>
  #include <abstractions/winbind>

# Allow system resource access
  /sys/devices/system/cpu/ r,
  capability sys_resource,
  capability dac_override,
  capability setuid,
  capability setgid,

# Allow network access
  network tcp,

  /etc/hosts.allow r,
  /etc/hosts.deny r,

# Allow config access
  /etc/mysql/** r,

# Allow pid, socket, socket lock file access
  /var/run/mysqld/mysqld.pid rw,
  /var/run/mysqld/mysqld.sock rw,
  /var/run/mysqld/mysqld.sock.lock rw,
  /run/mysqld/mysqld.pid rw,
  /run/mysqld/mysqld.sock rw,
  /run/mysqld/mysqld.sock.lock rw,

# Allow execution of server binary
  /usr/sbin/mysqld mr,
  /usr/sbin/mysqld-debug mr,

# Allow plugin access
  /usr/lib/mysql/plugin/ r,
  /usr/lib/mysql/plugin/*.so* mr,

# Allow error msg and charset access
  /usr/share/mysql/ r,
  /usr/share/mysql/** r,

# Allow data dir access
  /var/lib/mysql/ r,
  /var/lib/mysql/** rwk,

# Allow data files dir access
  /var/lib/mysql-files/ r,
  /var/lib/mysql-files/** rwk,

# Allow keyring dir access
  /var/lib/mysql-keyring/ r,
  /var/lib/mysql-keyring/** rwk,

# Allow log file access
  /var/log/mysql.err rw,
  /var/log/mysql.log rw,
  /var/log/mysql/ r,
  /var/log/mysql/** rw,

  # Site-specific additions and overrides. See local/README for details.
  #include <local/usr.sbin.mysqld>
}
1
jstuhh

Une suppression complète de toutes les données liées à mysql était la solution pour faire fonctionner à nouveau Apparmor.

En plus de la suppression de mysql,

Sudo apt-get remove --purge mysql-server mysql-client mysql-common
Sudo apt-get autoremove
Sudo apt-get autoclean

J'ai supprimé le dossier/fichiers suivant:

rm -rf /etc/apparmor.d/abstractions/mysql 
rm -rf /etc/apparmor.d/cache/usr.sbin.mysqld 
rm -rf /etc/mysql 
rm -rf /var/lib/mysql 
rm -rf /var/log/mysql* 
rm -rf /var/log/upstart/mysql.log* 
rm -rf /var/run/mysqld 
rm -rf ~/.mysql_history

Cela m'a incité les erreurs suivantes:

    Aug 24 10:29:37 Server apparmor[14061]: AppArmor parser error for /etc/apparmor.d/usr.lib.dovecot.auth in /etc/apparmor.d/usr.lib.dovecot.auth at line 18: Could not open 'abstractions/mysql'
    Aug 24 10:29:37 Server apparmor[14061]: AppArmor parser error for /etc/apparmor.d/usr.lib.dovecot.dict in /etc/apparmor.d/usr.lib.dovecot.dict at line 16: Could not open 'abstractions/mysql'
    Aug 24 10:29:37 Server apparmor[14061]: AppArmor parser error for /etc/apparmor.d/usr.sbin.dovecot in /etc/apparmor.d/usr.sbin.dovecot at line 19: Could not open 'abstractions/mysql'
    Aug 24 10:29:37 Server apparmor[14488]: AppArmor parser error for /etc/apparmor.d/sbin.syslog-ng in /etc/apparmor.d/sbin.syslog-ng at line 22: Could not open 'abstractions/mysql'

Après avoir supprimé #include <abstractions/mysql> dans les fichiers correspondants, je pouvais redémarrer Apparmor.

1
jstuhh