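I think I have an old profile (copied below).
I don't know where to look for the correct profile.
Is there an authoritative source for standard AppArmor profiles, or is it in the MySQL source code?
Is there a standard way to update a profile, or do I have to work out manually what it should be?
For example: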
sudo apparmor get-updated-profile-for mysql
MySQL 5.7 / Ubuntu 16.04
Currently:

/etc/apparmor.d$ cat usr.sbin.mysqld
# vim:syntax=apparmor
# Last Modified: Tue Jun 19 17:37:30 2007
#include <tunables/global>

/usr/sbin/mysqld {
  #include <abstractions/base>
  #include <abstractions/nameservice>
  #include <abstractions/user-tmp>
  #include <abstractions/mysql>
  #include <abstractions/winbind>

  capability dac_override,
  capability sys_resource,
  capability setgid,
  capability setuid,

  network tcp,

  /etc/hosts.allow r,
  /etc/hosts.deny r,

  /etc/mysql/*.pem r,
  /etc/mysql/conf.d/ r,
  /etc/mysql/conf.d/* r,
  /etc/mysql/*.cnf r,
  /usr/lib/mysql/plugin/ r,
  /usr/lib/mysql/plugin/*.so* mr,
  /usr/sbin/mysqld mr,
  /usr/share/mysql/** r,
  /var/log/mysql.log rw,
  /var/log/mysql.err rw,
  /var/lib/mysql/ r,
  /var/lib/mysql/** rwk,
  /var/log/mysql/ r,
  /var/log/mysql/* rw,
  /var/run/mysqld/mysqld.pid rw,
  /var/run/mysqld/mysqld.sock w,
  /var/run/mysqld/mysqld.sock.lock rw,
  /run/mysqld/mysqld.pid rw,
  /run/mysqld/mysqld.sock w,
  /run/mysqld/mysqld.sock.lock rw,

  /sys/devices/system/cpu/ r,

  # Site-specific additions and overrides. See local/README for details.
  #include <local/usr.sbin.mysqld>
}

OK, so spinning up a clean Ubuntu server and installing MySQL seems to be a reasonable way to get the 'correct' profile. Currently it is as follows:

# vim:syntax=apparmor
# Last Modified: Tue Feb 09 15:28:30 2016
#include <tunables/global>

/usr/sbin/mysqld {
  #include <abstractions/base>
  #include <abstractions/nameservice>
  #include <abstractions/user-tmp>
  #include <abstractions/mysql>
  #include <abstractions/winbind>

  # Allow system resource access
  /sys/devices/system/cpu/ r,
  capability dac_override,

  # Allow network access
  network tcp,

  # Allow config access
  /etc/mysql/** r,

  # Allow pid, socket, socket lock file access
  /var/run/mysqld/mysqld.pid rw,
  /var/run/mysqld/mysqld.sock rw,
  /run/mysqld/mysqld.sock rw,

  # Allow execution of server binary
  /usr/sbin/mysqld mr,
  /usr/sbin/mysqld-debug mr,

  # Allow plugin access
  /usr/lib/mysql/plugin/ r,

  # Allow error msg and charset access
  /usr/share/mysql/ r,

  # Allow data dir access
  /var/lib/mysql/ r,

  # Allow data files dir access
  /var/lib/mysql-files/ r,
  /var/lib/mysql-files/** rwk,

  # Allow keyring dir access
  /var/lib/mysql-keyring/ r,
  /var/lib/mysql-keyring/** rwk,

  # Allow log file access
  /var/log/mysql.err rw,
  /var/log/mysql/** rw,

  # Site-specific additions and overrides. See local/README for details.
  #include <local/usr.sbin.mysqld>
}
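
Added example, not part of the original post: a small Python sketch for comparing an old profile against a freshly packaged one by rule set, so that dropped capabilities and widened or narrowed paths stand out before the new profile replaces the old. OLD and NEW are constructed, abbreviated excerpts of the two profiles above; the function names are hypothetical, and the parser assumes one rule per line with no nested profiles or hats.

```python
# Added example: diff the rule sets of two AppArmor profiles.
# OLD and NEW are constructed, abbreviated excerpts of the two profiles above.
OLD = """\
/usr/sbin/mysqld {
  #include <abstractions/mysql>
  capability dac_override,
  capability sys_resource,
  capability setgid,
  capability setuid,
  network tcp,
  /etc/mysql/*.cnf r,
  /var/run/mysqld/mysqld.sock w,
  # Site-specific additions and overrides.
  #include <local/usr.sbin.mysqld>
}
"""
NEW = """\
/usr/sbin/mysqld {
  #include <abstractions/mysql>
  # Allow system resource access
  capability dac_override,
  network tcp,
  /etc/mysql/** r,
  /var/run/mysqld/mysqld.sock rw,
  /var/lib/mysql-files/** rwk,
  /var/lib/mysql-keyring/** rwk,
  #include <local/usr.sbin.mysqld>
}
"""

def parse_rules(text):
    """Return the set of rules and includes found inside the profile braces."""
    rules, in_body = set(), False
    for raw in text.splitlines():
        line = " ".join(raw.split())          # normalise whitespace
        if line.endswith("{"):
            in_body = True                    # profile body starts
        elif line == "}":
            in_body = False                   # profile body ends
        elif in_body and line:
            if line.startswith("#") and not line.startswith("#include"):
                continue                      # plain comment, not a rule
            rules.add(line.rstrip(","))
    return rules

def diff_profiles(old, new):
    """Return (rules only in old, rules only in new), each sorted."""
    o, n = parse_rules(old), parse_rules(new)
    return sorted(o - n), sorted(n - o)

if __name__ == "__main__":
    removed, added = diff_profiles(OLD, NEW)
    print("\n".join(["- " + r for r in removed] + ["+ " + a for a in added]))
```

On the excerpts, the three extra capabilities of the old profile show up as removed, and the socket rule appears once on each side because its permission changed from w to rw.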