我正在尝试将 mysql 数据目录更改为 zfs 数据集。
我已经更改了 mysql.cnf 和 /etc/apparmor.d/usr.sbin.mysqld,但仍然有错误。我收到错误即使我试图阻止 apparmor服务systemctl stop apparmor.service。我也尝试在 /etc/apparmor.d/disable 中创建到 /etc/apparmor.d/usr.sbin.mysqld 的链接。
我也尝试过这(不明白为什么它应该起作用,但无论如何都尝试避免我的问题被标记为重复)并且它失败了。
似乎 apparmor 不再听我的。是我做错了什么,还是与奇点?
这是我的退出apparmor_status方式systemctl stop apparmor.service
15 profiles are loaded.
15 profiles are in enforce mode.
/sbin/dhclient
/usr/bin/lxc-start
/usr/lib/NetworkManager/nm-dhcp-client.action
/usr/lib/NetworkManager/nm-dhcp-helper
/usr/lib/connman/scripts/dhclient-script
/usr/lib/lxd/lxd-bridge-proxy
/usr/lib/snapd/snap-confine
/usr/lib/snapd/snap-confine//mount-namespace-capture-helper
/usr/lib/snapd/snap-confine//snap_update_ns
/usr/sbin/mysqld
/usr/sbin/tcpdump
lxc-container-default
lxc-container-default-cgns
lxc-container-default-with-mounting
lxc-container-default-with-nesting
0 profiles are in complain mode.
0 processes have profiles defined.
0 processes are in enforce mode.
0 processes are in complain mode.
0 processes are unconfined but have a profile defined.
journalctl -xe这些是尝试启动 mysql 失败后出现的错误:
ene 06 12:56:32 mantra audit[3967]: AVC apparmor="DENIED" operation="open" profile="/usr/sbin/mysqld" name="/proc/3967/status" pid=3967 comm="mysqld" requested_mask="r" denied_mask="r" fsuid=114 ouid=114
ene 06 12:56:32 mantra audit[3967]: AVC apparmor="DENIED" operation="open" profile="/usr/sbin/mysqld" name="/sys/devices/system/node/" pid=3967 comm="mysqld" requested_mask="r" denied_mask="r" fsuid=114 ouid=0
ene 06 12:56:32 mantra audit[3967]: AVC apparmor="DENIED" operation="open" profile="/usr/sbin/mysqld" name="/proc/3967/status" pid=3967 comm="mysqld" requested_mask="r" denied_mask="r" fsuid=114 ouid=114
ene 06 12:56:32 mantra kernel: audit: type=1400 audit(1515239792.499:95): apparmor="DENIED" operation="open" profile="/usr/sbin/mysqld" name="/proc/3967/status" pid=3967 comm="mysqld" requested_mask="r" denied_m
ene 06 12:56:32 mantra kernel: audit: type=1400 audit(1515239792.499:96): apparmor="DENIED" operation="open" profile="/usr/sbin/mysqld" name="/sys/devices/system/node/" pid=3967 comm="mysqld" requested_mask="r"
ene 06 12:56:32 mantra kernel: audit: type=1400 audit(1515239792.499:97): apparmor="DENIED" operation="open" profile="/usr/sbin/mysqld" name="/proc/3967/status" pid=3967 comm="mysqld" requested_mask="r" denied_m
ene 06 12:56:32 mantra kernel: audit: type=1400 audit(1515239792.675:98): apparmor="DENIED" operation="mknod" profile="/usr/sbin/mysqld" name="/pit/mysql/mantra.lower-test" pid=3967 comm="mysqld" requested_mask=
ene 06 12:56:32 mantra audit[3967]: AVC apparmor="DENIED" operation="mknod" profile="/usr/sbin/mysqld" name="/pit/mysql/mantra.lower-test" pid=3967 comm="mysqld" requested_mask="c" denied_mask="c" fsuid=114 ouid
ene 06 12:56:32 mantra audit[3967]: AVC apparmor="DENIED" operation="mknod" profile="/usr/sbin/mysqld" name="/pit/mysql/mantra.lower-test" pid=3967 comm="mysqld" requested_mask="c" denied_mask="c" fsuid=114 ouid
ene 06 12:56:32 mantra audit[3967]: AVC apparmor="DENIED" operation="mknod" profile="/usr/sbin/mysqld" name="/pit/mysql/mantra.lower-test" pid=3967 comm="mysqld" requested_mask="c" denied_mask="c" fsuid=114 ouid
ene 06 12:56:32 mantra kernel: audit: type=1400 audit(1515239792.683:99): apparmor="DENIED" operation="mknod" profile="/usr/sbin/mysqld" name="/pit/mysql/mantra.lower-test" pid=3967 comm="mysqld" requested_mask=
ene 06 12:56:32 mantra kernel: audit: type=1400 audit(1515239792.683:100): apparmor="DENIED" operation="mknod" profile="/usr/sbin/mysqld" name="/pit/mysql/mantra.lower-test" pid=3967 comm="mysqld" requested_mask
ene 06 12:56:32 mantra audit[3967]: AVC apparmor="DENIED" operation="open" profile="/usr/sbin/mysqld" name="/pit/mysql/ibdata1" pid=3967 comm="mysqld" requested_mask="wr" denied_mask="wr" fsuid=114 ouid=114
ene 06 12:56:32 mantra kernel: audit: type=1400 audit(1515239792.715:101): apparmor="DENIED" operation="open" profile="/usr/sbin/mysqld" name="/pit/mysql/ibdata1" pid=3967 comm="mysqld" requested_mask="wr" denie
ene 06 12:56:33 mantra systemd[1]: mysql.service: Main process exited, code=exited, status=1/FAILURE
我可以尝试什么?
答案1
解决了!我仍然不知道为什么 apparmor 没有停止,但我可以更改 datadir。
问题是我正在同一目录中创建/etc/apparmor.d/usr.sbin.mysqld(即usr.sbin.mysql.backup)的备份文件,并且正在处理它后我正在修改的文件,所以更改被覆盖了。大笑。
我发现有用的信息这个帖子安装apparmor-utils并运行后aa-complain,我收到“重复的配置文件”或类似的错误,然后我才意识到问题出在哪里。
我仍然收到有关 /proc/NNN/status 的 apparmor 错误,但我认为这些错误在更改之前就存在了。现在一切都正常。