Latest News & Blog

apparmor="DENIED"

apparmor blocking mysql after upgrade to 16.04

Thursday 6 September, 2018

We have just come across a strange quirk when upgrading a LAMP stack from Ubuntu 14.04 to Ubuntu 16.04 using do-release-upgrade.

After a successful upgrade and reboot, mysql was left not starting. The logs said;

 


Sep  6 15:48:01 tag kernel: [  553.491510] audit: type=1400 audit(1536245281.030:39): apparmor="DENIED" operation="open" profile="/usr/sbin/mysqld" name="/proc/2216/status" pid=2216 comm="mysqld" requested_mask="r" denied_mask="r" fsuid=106 ouid=106

Sep  6 15:48:01 tag kernel: [  553.493722] audit: type=1400 audit(1536245281.030:40): apparmor="DENIED" operation="open" profile="/usr/sbin/mysqld" name="/sys/devices/system/node/" pid=2216 comm="mysqld" requested_mask="r" denied_mask="r" fsuid=106 ouid=0

Sep  6 15:48:01 tag kernel: [  553.493849] audit: type=1400 audit(1536245281.030:41): apparmor="DENIED" operation="open" profile="/usr/sbin/mysqld" name="/proc/2216/status" pid=2216 comm="mysqld" requested_mask="r" denied_mask="r" fsuid=106 ouid=106

The solution we found was to add the following to /etc/apparmor.d/local/usr.sbin.mysqld


/sys/devices/system/node/ r,
@{PROC}/@{pid}/status r,
/sys/devices/system/node/node*/meminfo r,

Then;


sudo service apparmor reload
sudo service mysql restart

 

Written By...

Lee Simpson

Software Engineer, Linux Wizard, proud father of 3 boys