Xbstream and xbcrypt policy for apparmor, selinux

Description

I ran some tests and found that xbstream and xbcrypt cannot access the mysql data directory when the apparmor/selinux policy is enforced. For example, if xbstream is used to stream an individual file from /var/lib/mysql, the access is denied and the syslogs display the errors:

Some users might stream/encrypt mysql data files to another location.

What should be the apparmor, selinux policy for xbstream and xbcrypt?

Environment

None

Smart Checklist

Activity

Show:

Jan Mynar February 19, 2025 at 7:56 PM

I asked Kamil about the previous implementation, and it was done only for PXC and PS

Details

Assignee

Reporter

Labels

Time tracking

2h logged

Affects versions

Priority

Smart Checklist

Created April 12, 2021 at 1:21 PM
Updated 7 hours ago