Ubuntu
digikam package

AppArmor prevents mysqld from working in Digikam's internal-server MySQL mode

Bug #735949 reported by Adam Porter
10
This bug affects 1 person
Affects Status Importance Assigned to Milestone
digikam (Ubuntu)
Fix Released
Medium
Unassigned

Bug Description

Binary package hint: apparmor

I was trying to test Digikam's database migration to the "internal server" MySQL mode. It failed every time and I couldn't figure out why. Later I was looking in the kernel logs for another reason and saw these lines:

Mar 15 22:40:17 kubbie kernel: [66325.677327] type=1400 audit(1300246816.762:35715): apparmor="DENIED" operation="open" parent=11367 profile="/usr/sbin/mysqld" n
ame="/sys/devices/system/cpu/" pid=11406 comm="mysqld" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
Mar 15 22:40:17 kubbie kernel: [66325.768133] type=1400 audit(1300246816.854:35716): apparmor="DENIED" operation="open" parent=11367 profile="/usr/sbin/mysqld" name="/home/me/.kde/share/apps/digikam/mysql.conf" pid=11406 comm="mysqld" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000
Mar 15 22:40:18 kubbie kernel: [66326.610800] type=1400 audit(1300246817.694:35717): apparmor="DENIED" operation="mknod" parent=11367 profile="/usr/sbin/mysqld" name="/home/me/.kde/share/apps/digikam/db_data/kubbie.lower-test" pid=11406 comm="mysqld" requested_mask="c" denied_mask="c" fsuid=1000 ouid=1000
Mar 15 22:40:18 kubbie kernel: [66326.610865] type=1400 audit(1300246817.694:35718): apparmor="DENIED" operation="mknod" parent=11367 profile="/usr/sbin/mysqld" name="/home/me/.kde/share/apps/digikam/db_data/kubbie.lower-test" pid=11406 comm="mysqld" requested_mask="c" denied_mask="c" fsuid=1000 ouid=1000
Mar 15 22:40:19 kubbie kernel: [66328.836977] type=1400 audit(1300246819.922:35719): apparmor="DENIED" operation="mknod" parent=11367 profile="/usr/sbin/mysqld" name="/home/me/.kde/share/apps/digikam/db_data/ibdata1" pid=11406 comm="mysqld" requested_mask="c" denied_mask="c" fsuid=1000 ouid=1000

I'm not sure if this should be reported against apparmor, mysql-server, or digikam.

ProblemType: Bug
DistroRelease: Ubuntu 10.10
Package: apparmor 2.5.1-0ubuntu0.10.10.4 [modified: sbin/apparmor_parser]
ProcVersionSignature: Ubuntu 2.6.35-27.48-generic 2.6.35.11
Uname: Linux 2.6.35-27-generic i686
NonfreeKernelModules: nvidia
Architecture: i386
Date: Wed Mar 16 02:55:38 2011
ProcEnviron:
 LANGUAGE=
 PATH=(custom, user)
 LANG=en_US.UTF-8
 SHELL=/bin/bash
ProcKernelCmdline: BOOT_IMAGE=/vmlinuz-2.6.35-27-generic root=/dev/mapper/vg-root ro quiet splash
SourcePackage: apparmor

Revision history for this message
Adam Porter (alphapapa) wrote :
Revision history for this message
Jamie Strandboge (jdstrand) wrote :

Thank you for using Ubuntu and reporting a bug. The digikam packaging should be updated like akonadi's to use a wrapper script and separate apparmor profile.

affects: apparmor (Ubuntu) → digikam (Ubuntu)
Changed in digikam (Ubuntu):
importance: Undecided → Medium
status: New → Triaged
Felix Geyer (debfx)
Changed in digikam (Ubuntu):
assignee: nobody → Felix Geyer (debfx)
status: Triaged → In Progress
Felix Geyer (debfx)
Changed in digikam (Ubuntu):
assignee: Felix Geyer (debfx) → nobody
status: In Progress → Fix Committed
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package digikam - 2:1.9.0-1ubuntu1

---------------
digikam (2:1.9.0-1ubuntu1) natty; urgency=low

  * Merge with debian, remaining changes
    - Export .pot name and copy to plugins in debian/rules
  * Add an AppArmor profile for the local mysql server. (LP: #735949)
    - Use a wrapper script for mysqld.
    - Add kubuntu_01_mysqld_executable_name.diff so digikam uses the
      wrapper script instead of directly running mysqld.
  * Make digikam suggest libqt4-sql-mysql and mysql-server-core-5.1.

digikam (2:1.9.0-1) experimental; urgency=low

  * New upstream release
    - Requires packages from http://qt-kde.debian.net/
 -- Felix Geyer <email address hidden> Thu, 17 Mar 2011 11:21:31 +0100

Changed in digikam (Ubuntu):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.