Broken apparmor profile after 8.0.22-13 -> 8.0.23-14 upgrade

Description

percona-server-server package version 8.0.23-14-1.bionic installs incorrect apparmor config on upgrade. 

The package installs 2 apparmor files: /etc/apparmor.d/usr.sbin.mysqld.in and /etc/apparmor.d/local/usr.sbin.mysqld.in. postinst code is supposed to rename them, but that code only runs on fresh install so *.in files are left untouched after upgrade.  /etc/apparmor.d/usr.sbin.mysqld.in references local/usr.sbin.mysqld which does not exist so the profile fails to load.

The issue was introduced as part of https://jira.percona.com/browse/PS-7049 fix: https://github.com/percona/percona-server/commit/85f49bcd5209f791f3db9a2949db656ee19bc290

 

Environment

Ubuntu 18.04

Activity

akompel 
November 18, 2021 at 1:36 AM

The problem is that the code that is handling apparmor profiles is in "new install" block:

"[ -z "$2" ]" means new install (no previous version) - see https://wiki.debian.org/MaintainerScripts . Since .23 introduces new apparmor files, dpkg installs these files on the system but postinst does nothing about them since it is an upgrade from .22 - not new install. As a result, *.in files are left as is.

I recommend moving the code dealing with pre-existing profiles to preinst script. Package /etc/apparmor.d/usr.sbin.mysqld as is. Then create /etc/apparmor.d/local/usr.sbin.mysqld in postinst in the same manner as dh-apparmor debhelper does it: https://git.launchpad.net/ubuntu/+source/apparmor/tree/debian/debhelper/postinst-apparmor?h=debian/sid
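The difference between gating on "no previous version" and acting on every `configure`, as an added example in the manner of the dh-apparmor snippet linked above (not Percona's maintainer script). The function names, the `ROOT` prefix argument and the sample profile text are assumptions made so the logic can run against a scratch tree.

```shell
# Added illustration, not Percona's maintainer script. ROOT is a hypothetical
# prefix ("" on a live system) so the logic can run against a scratch tree.
PROFILE=usr.sbin.mysqld

# Create an empty local override if absent; never overwrite admin edits.
ensure_local_include() {
    local_profile="$1/etc/apparmor.d/local/$PROFILE"
    [ -e "$local_profile" ] && return 0
    mkdir -p "$(dirname "$local_profile")"
    install -m 644 /dev/null "$local_profile"
}

# Shape described in the report: only acts when there is no previous version.
postinst_gated() {      # args: ROOT ACTION OLD_VERSION
    if [ "$2" = configure ] && [ -z "$3" ]; then
        ensure_local_include "$1"
    fi
}

# Recommended shape: acts on every configure, fresh install or upgrade.
postinst_always() {     # args: ROOT ACTION OLD_VERSION
    [ "$2" = configure ] || return 0
    [ -f "$1/etc/apparmor.d/$PROFILE" ] || return 0
    ensure_local_include "$1"
    # Reload only on a live system with AppArmor enabled.
    if [ -z "$1" ] && aa-enabled --quiet 2>/dev/null; then
        apparmor_parser -r -T -W "/etc/apparmor.d/$PROFILE" || true
    fi
}

# True when the main profile references a local include that does not exist.
local_include_missing() {
    grep -q "local/$PROFILE" "$1/etc/apparmor.d/$PROFILE" 2>/dev/null &&
        [ ! -e "$1/etc/apparmor.d/local/$PROFILE" ]
}

# Demo on a constructed tree: upgrade from 8.0.22-13, so OLD_VERSION is set.
demo() {
    t=$(mktemp -d) && mkdir -p "$t/etc/apparmor.d"
    printf '/usr/sbin/mysqld {\n  #include <local/%s>\n}\n' "$PROFILE" \
        > "$t/etc/apparmor.d/$PROFILE"
    postinst_gated "$t" configure 8.0.22-13
    local_include_missing "$t" && echo "gated: local include still missing"
    postinst_always "$t" configure 8.0.22-13
    local_include_missing "$t" || echo "always: local include present"
    rm -rf "$t"
}
demo
```

`local_include_missing ""` can be run on an upgraded host to confirm whether the installed profile still points at an absent local include.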

 

Serhii Stasiuk 
November 17, 2021 at 10:44 AM

Thanks for this report,
Issue will be fixed in the next 8.0.* release

Done

Created November 16, 2021 at 7:31 PM
Updated July 4, 2024 at 6:29 AM
Resolved March 2, 2022 at 11:05 PM