Xbstream and xbcrypt policy for apparmor, selinux
General
Escalation
General
Escalation
Description
Environment
None
Smart Checklist
Activity
Show:
Jan Mynar February 19, 2025 at 7:56 PM
I asked Kamil about the previous implementation, and it was done only for PXC and PS
Details
Details
Assignee
Kamil HolubickiReporter
Manish ChawlaLabels
Time tracking
2h logged
Affects versions
Priority
MediumSmart Checklist
Open Smart Checklist
Smart Checklist
Open Smart Checklist
Created April 12, 2021 at 1:21 PM
Updated 7 hours ago
I ran some tests and found that xbstream and xbcrypt cannot access the mysql data directory when the apparmor/selinux policy is enforced. For example, if xbstream is used to stream an individual file from /var/lib/mysql, the access is denied and the syslogs display the errors:
Some users might stream/encrypt mysql data files to another location.
What should be the apparmor, selinux policy for xbstream and xbcrypt?