Hi Otto!
On Fri, Apr 03, 2026 at 23:37:00 +0900, Otto Kekäläinen wrote:
> > With the following lines in /etc/apparmor.d/local/mariadb MariaDB is
> > starting in enforce mode:
> >
> >   capability sys_resource,
> >   capability dac_read_search,
> >   capability dac_override,
> >   capability setgid,
> >   capability setuid,
> >
> > Maybe they are needed for sysvinit user.
>
> Thanks for reporting!
>
> Are you sure every one of those is needed? Did you test those lines
> individually or just added all at once?

Well, the first three came from the apparmor log included in the bug
report.
After that the write error was gone, but the DB wouldn’t start (missing
setgid). After that it wouldn’t start (missing setuid). So at least the
last two are needed.
I don’t know if some of the first three are not really needed. I simply
added all apparmor errors.

> Based on the logs you shared in
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132027 the server
> fails to start as it is unable to read the data directory
> /var/lib/mysql, which is the standard data directory and this type of
> failure is a bit surprising as we surely tested it before rolling out

It is really surprising because apparmor doesn’t log anything with
read/write errors.

> the change. Could it be that you have something additional customized
> in your MariaDB or general Debian settings?

Nope. Another system had the same problem without any customized
settings.
Did you test with sysvinit as well? The two systems with this bug are all
sysvinit/elogind systems.
Happy Easter
Stephan
--
| If your life was a horse, you'd have to shoot it. |
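
The log-driven step discussed in this message (collecting the capabilities AppArmor denied and turning them into lines for the local override file) can be sketched as follows. This is an added example, not code from the thread or from the Debian package; the profile name `mariadbd` and the audit lines are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample audit lines (profile name, pids and timestamps are made up).
SAMPLE_LOG = '''\
audit: type=1400 audit(1775226000.101:51): apparmor="DENIED" operation="capable" class="cap" profile="mariadbd" pid=2211 comm="mariadbd" capability=1 capname="dac_override"
audit: type=1400 audit(1775226000.102:52): apparmor="DENIED" operation="capable" class="cap" profile="mariadbd" pid=2211 comm="mariadbd" capability=2 capname="dac_read_search"
audit: type=1400 audit(1775226000.103:53): apparmor="DENIED" operation="capable" class="cap" profile="mariadbd" pid=2211 comm="mariadbd" capability=24 capname="sys_resource"
audit: type=1400 audit(1775226050.400:60): apparmor="DENIED" operation="capable" class="cap" profile="mariadbd" pid=2302 comm="mariadbd" capability=1 capname="dac_override"
audit: type=1400 audit(1775226050.900:61): apparmor="ALLOWED" operation="capable" class="cap" profile="other-daemon" pid=2400 comm="other" capability=6 capname="setgid"
'''

# key="quoted value" or key=bare_value
FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

def parse_fields(line):
    """Split one audit line into its key=value fields (quoted or bare)."""
    return {key: quoted or bare for key, quoted, bare in FIELD.findall(line)}

def summarize(log, profile):
    """Count DENIED capability events and other DENIED events for one profile."""
    caps, other = Counter(), Counter()
    for line in log.splitlines():
        f = parse_fields(line)
        if f.get("apparmor") != "DENIED" or f.get("profile") != profile:
            continue  # skip ALLOWED/complain-mode entries and other profiles
        if f.get("operation") == "capable" and "capname" in f:
            caps[f["capname"]] += 1
        else:
            other[f.get("operation", "?")] += 1  # e.g. file open/mknod denials
    return caps, other

def local_rules(caps):
    """Render de-duplicated candidate rules for the local override file."""
    return [f"capability {name}," for name in sorted(caps)]

if __name__ == "__main__":
    caps, other = summarize(SAMPLE_LOG, "mariadbd")
    print("\n".join(local_rules(caps)))
    print("non-capability denials:", dict(other))
```

An empty "non-capability denials" result with `dac_override` or `dac_read_search` present matches the symptom in this thread: the file access fails on ordinary Unix permissions after the capability is denied, so the log shows a `capable` event and no file path. The emitted lines are candidates only and can be enabled one at a time to see which are actually required.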