{ "version": "https://jsonfeed.org/version/1.1", "user_comment": "This feed allows you to read the posts from this site in any feed reader that supports the JSON Feed format. To add this feed to your reader, copy the following URL -- https://matoken.org/blog/tag/apparmor/feed/json/ -- and add it your reader.", "home_page_url": "https://matoken.org/blog/tag/apparmor/", "feed_url": "https://matoken.org/blog/tag/apparmor/feed/json/", "language": "ja", "title": "apparmor – matoken's blog", "description": "Is there no plan B?", "icon": "https://matoken.org/blog/wp-content/uploads/2025/03/cropped-1865f695c4eecc844385acef2f078255036adccd42c254580ea3844543ab56d9.jpeg", "items": [ { "id": "http://matoken.org/blog/?p=1836", "url": "https://matoken.org/blog/2018/02/18/i-changed-mysqls-datadir-and-it-got-scolded-by-apparmor-and-it-not-start/", "title": "After changing mysql's datadir, apparmor complained and it would not start", "content_html": "

Because of disk constraints, I changed where mysql stores its data.
\nStop mysqld, move the data, and leave a symbolic link in place just in case.
\nChange datadir in /etc/mysql/mysql.conf.d/mysqld.cnf.

\n
\n
[mysqld]\r\ndatadir         = /export/data/var/lib/mysql\r\n
\n
\n

When I started mysql in this state, it failed to start with errors like these.

\n
\n
2018-02-17T16:12:54.184655Z 0 [ERROR] InnoDB: The innodb_system data file 'ibdata1' must be writable\r\n2018-02-17T16:12:54.184718Z 0 [ERROR] InnoDB: The innodb_system data file 'ibdata1' must be writable\r\n2018-02-17T16:12:54.184734Z 0 [ERROR] InnoDB: Plugin initialization aborted with error Generic error\r\n2018-02-17T16:12:54.785643Z 0 [ERROR] Plugin 'InnoDB' init function returned error.\r\n2018-02-17T16:12:54.786151Z 0 [ERROR] Plugin 'InnoDB' registration as a STORAGE ENGINE failed.\r\n2018-02-17T16:12:54.786272Z 0 [ERROR] Failed to initialize builtin plugins.\r\n2018-02-17T16:12:54.786415Z 0 [ERROR] Aborting\r\n
\n
\n

At first glance the file in question looks fine.

\n
\n
$ sudo ls -la /export/data/var/lib/mysql/ibdata1\r\n-rw-rw---- 1 mysql mysql 102760448  2\u6708 18 05:15 /export/data/var/lib/mysql/ibdata1\r\n$ sudo -u mysql dd if=/export/data/var/lib/mysql/ibdata1 bs=10 count=1|od -xc\r\n1+0 \u30ec\u30b3\u30fc\u30c9\u5165\u529b\r\n1+0 \u30ec\u30b3\u30fc\u30c9\u51fa\u529b\r\n10 bytes copied, 9.8366e-05 s, 102 kB/s\r\n0000000    2214    405b    0000    0000    0000\r\n        024   "   [   @  \\0  \\0  \\0  \\0  \\0  \\0\r\n0000012\r\n
\n
\n

I wondered why, and then found this entry in the kernel log. It looks like apparmor is blocking it.

\n
\n
Feb 18 00:35:26 micro kernel: [ 3569.631324] audit: type=1400 audit(1518881726.300:24): apparmor="DENIED" operation="open" prof\r\nile="/usr/sbin/mysqld" name="/proc/18795/status" pid=18795 comm="mysqld" requested_mask="r" denied_mask="r" fsuid=114 ouid=114\r\n
\n
\n

Change the paths in /etc/apparmor.d/usr.sbin.mysqld.

\n
\n
diff --git a/apparmor.d/usr.sbin.mysqld b/apparmor.d/usr.sbin.mysqld\r\nindex 2619e7d..adb8259 100644\r\n--- a/apparmor.d/usr.sbin.mysqld   \r\n+++ b/apparmor.d/usr.sbin.mysqld\r\n@@ -46,16 +46,16 @@\r\n   /usr/share/mysql/** r,  \r\n\r\n # Allow data dir access   \r\n-  /var/lib/mysql/ r,\r\n-  /var/lib/mysql/** rwk,  \r\n+  /export/data/var/lib/mysql/ r,  \r\n+  /export/data/var/lib/mysql/** rwk,\r\n\r\n # Allow data files dir access\r\n-  /var/lib/mysql-files/ r,\r\n-  /var/lib/mysql-files/** rwk,\r\n+  /export/data/var/lib/mysql-files/ r,\r\n+  /export/data/var/lib/mysql-files/** rwk,\r\n\r\n # Allow keyring dir access\r\n-  /var/lib/mysql-keyring/ r,\r\n-  /var/lib/mysql-keyring/** rwk, \r\n+  /export/data/var/lib/mysql-keyring/ r,\r\n+  /export/data/var/lib/mysql-keyring/** rwk,\r\n\r\n # Allow log file access \r\n   /var/log/mysql.err rw,\r\n
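\nReview bot: the mysql-files and mysql-keyring rules in this hunk are moved to /export/data together with the data dir rules, but the only configuration change shown is datadir, so if those two directories still live under /var/lib the profile no longer grants access to them. Keep the original -files and -keyring lines unless those directories were relocated as well. Also consider carrying the new /export/data/var/lib/mysql/ r, and /export/data/var/lib/mysql/** rwk, rules in a site-local override rather than editing the packaged profile in place, so a package update does not revert or conflict with them.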
\n
\n

With that in place, restarting apparmor to apply the settings and then starting mysql worked.

\n
\n
$ sudo service apparmor restart\r\n$ sudo service mysql start\r\n
\n
\n

Afterwards I watched iostat -x and thought it looked okay, but the disk access noise has gotten louder, so I may move the data somewhere else again...

\n

Environment

\n
\n
$ dpkg-query -W mysql-server\r\nmysql-server    5.7.21-0ubuntu0.16.04.1\r\n$ lsb_release -a\r\nDistributor ID: Ubuntu\r\nDescription:    Ubuntu 16.04.3 LTS\r\nRelease:        16.04\r\nCodename:       xenial\r\n$ uname -m\r\nx86_64\r\n
\n
\n

\n", "date_published": "2018-02-18T18:52:17+09:00", "date_modified": "2018-02-18T18:52:17+09:00", "authors": [ { "name": "matoken", "url": "https://matoken.org/blog/author/matoken/", "avatar": "https://secure.gravatar.com/avatar/38f5f3b575c5eb45cda6aa659bca119ac7a5e16b46565e869d0030e3bd66981d?s=512&d=mm&r=g" } ], "author": { "name": "matoken", "url": "https://matoken.org/blog/author/matoken/", "avatar": "https://secure.gravatar.com/avatar/38f5f3b575c5eb45cda6aa659bca119ac7a5e16b46565e869d0030e3bd66981d?s=512&d=mm&r=g" }, "tags": [ "apparmor", "mysql", "Linux", "Ubuntu", "xenial(16.04)" ] } ] }