Broken apparmor profile after 8.0.22-13 -> 8.0.23-14 upgrade

Description

percona-server-server package version 8.0.23-14-1.bionic installs incorrect apparmor config on upgrade. 

The package installs 2 apparmor files: /etc/apparmor.d/usr.sbin.mysqld.in and /etc/apparmor.d/local/usr.sbin.mysqld.in. The postinst code is supposed to rename them, but that code only runs on a fresh install, so the *.in files are left untouched after an upgrade. /etc/apparmor.d/usr.sbin.mysqld.in references local/usr.sbin.mysqld, which does not exist, so the profile fails to load.

The issue was introduced as part of the https://jira.percona.com/browse/PS-7049 fix: https://github.com/percona/percona-server/commit/85f49bcd5209f791f3db9a2949db656ee19bc290

Environment

Ubuntu 18.04

root:~# dpkg -s percona-server-server |grep Version
Version: 8.0.22-13-1.bionic
root:~# apt install percona-server-server
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following additional packages will be installed:
  percona-server-client percona-server-common
The following packages will be upgraded:
  percona-server-client percona-server-common percona-server-server
3 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
Need to get 66.9 MB of archives.
After this operation, 70.9 MB of additional disk space will be used.
Do you want to continue? [Y/n] y
Get:1 https://repo.percona.com/ps-80/apt bionic/main amd64 percona-server-server amd64 8.0.26-16-1.bionic [62.0 MB]
Get:2 https://repo.percona.com/ps-80/apt bionic/main amd64 percona-server-client amd64 8.0.26-16-1.bionic [4,396 kB]
Get:3 https://repo.percona.com/ps-80/apt bionic/main amd64 percona-server-common amd64 8.0.26-16-1.bionic [445 kB]
Fetched 66.9 MB in 4s (17.4 MB/s)
debconf: delaying package configuration, since apt-utils is not installed
(Reading database ... 178811 files and directories currently installed.)
Preparing to unpack .../percona-server-server_8.0.26-16-1.bionic_amd64.deb ...
.
Unpacking percona-server-server (8.0.26-16-1.bionic) over (8.0.22-13-1.bionic) ...
Preparing to unpack .../percona-server-client_8.0.26-16-1.bionic_amd64.deb ...
Unpacking percona-server-client (8.0.26-16-1.bionic) over (8.0.22-13-1.bionic) ...
Preparing to unpack .../percona-server-common_8.0.26-16-1.bionic_amd64.deb ...
Unpacking percona-server-common (8.0.26-16-1.bionic) over (8.0.22-13-1.bionic) ...
Setting up percona-server-common (8.0.26-16-1.bionic) ...
Setting up percona-server-client (8.0.26-16-1.bionic) ...
Setting up percona-server-server (8.0.26-16-1.bionic) ...
 * Percona Server is distributed with several useful UDF (User Defined Function) from Percona Toolkit.
 * Run the following commands to create these functions:
   mysql -e "CREATE FUNCTION fnv1a_64 RETURNS INTEGER SONAME 'libfnv1a_udf.so'"
   mysql -e "CREATE FUNCTION fnv_64 RETURNS INTEGER SONAME 'libfnv_udf.so'"
   mysql -e "CREATE FUNCTION murmur_hash RETURNS INTEGER SONAME 'libmurmur_udf.so'"
 * See http://www.percona.com/doc/percona-server/8.0/management/udf_percona_toolkit.html for more details
Processing triggers for libc-bin (2.27-3ubuntu1.4) ...
Processing triggers for systemd (237-3ubuntu10.44) ...
Processing triggers for man-db (2.8.3-2ubuntu0.1) ...
Processing triggers for ureadahead (0.100.0-21) ...
root:~# apparmor_parser -r /etc/apparmor.d/usr.sbin.mysqld.in
AppArmor parser error for /etc/apparmor.d/usr.sbin.mysqld.in in /etc/apparmor.d/usr.sbin.mysqld.in at line 79: Could not open 'local/usr.sbin.mysqld'

Activity

akompel November 18, 2021 at 1:36 AM

The problem is that the code that is handling apparmor profiles is in the "new install" block:

case "$1" in
  configure)
    if [ -z "$2" ]; then

"[ -z "$2" ]" means new install (no previous version) - see https://wiki.debian.org/MaintainerScripts. Since .23 introduces new apparmor files, dpkg installs these files on the system but postinst does nothing about them since it is an upgrade from .22 - not a new install. As a result, *.in files are left as is.

I recommend moving the code dealing with pre-existing profiles to the preinst script. Package /etc/apparmor.d/usr.sbin.mysqld as is. Then create /etc/apparmor.d/local/usr.sbin.mysqld in postinst in the same manner as the dh-apparmor debhelper does it: https://git.launchpad.net/ubuntu/+source/apparmor/tree/debian/debhelper/postinst-apparmor?h=debian/sid
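
The approach recommended in the comment above, as an added example that is not Percona's packaging code and not part of the original thread: a postinst-style sketch modelled on the dh-apparmor pattern, where the local override is created on every `configure` run, so upgrades are covered as well as fresh installs. `AA_ROOT` and the function names are assumptions introduced for illustration; `AA_ROOT` lets the logic be exercised in a scratch directory.

```shell
#!/bin/sh
# Added example (assumed names): AppArmor handling for a Debian postinst that
# does not depend on whether a previous package version was installed.

AA_ROOT="${AA_ROOT:-}"          # hypothetical prefix; empty means the real filesystem
PROFILE="usr.sbin.mysqld"

# Create an empty local override only if none exists, so administrator
# customisations in local/ are never overwritten.
ensure_local_override() {
    local_file="$AA_ROOT/etc/apparmor.d/local/$PROFILE"
    [ -e "$local_file" ] && return 0
    mkdir -p "$(dirname "$local_file")"
    install -m 644 /dev/null "$local_file"
}

# Reload the profile only on the real filesystem and only if AppArmor is enabled.
reload_profile() {
    [ -z "$AA_ROOT" ] || return 0
    if aa-enabled --quiet 2>/dev/null; then
        apparmor_parser -r -T -W "/etc/apparmor.d/$PROFILE" || true
    fi
}

# $1 = maintainer-script action
# $2 = most recently configured version (empty on a fresh install)
postinst_apparmor() {
    case "$1" in
        configure)
            # Deliberately no [ -z "$2" ] gate: the include target must exist
            # after an upgrade too, or the profile fails to parse.
            if [ -f "$AA_ROOT/etc/apparmor.d/$PROFILE" ]; then
                ensure_local_override
                reload_profile
            fi
            ;;
    esac
}

# In a real debian/postinst this would be invoked as: postinst_apparmor "$@"
```

After an upgrade, `apparmor_parser -r /etc/apparmor.d/usr.sbin.mysqld` exiting without the "Could not open" error confirms the include resolves.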

Serhii Stasiuk November 17, 2021 at 10:44 AM

Thanks for this report,
Issue will be fixed in the next 8.0.* release

Done

Created November 16, 2021 at 7:31 PM
Updated July 4, 2024 at 6:29 AM
Resolved March 2, 2022 at 11:05 PM