I'm also noticing those on Xenial systems:
audit: type=1400 audit(1485382778.520:28): apparmor="DENIED" operation="open"
profile="/usr/sbin/mysqld" name="/proc/752/status" pid=752 comm="mysqld"
requested_mask="r" denied_mask="r" fsuid=110 ouid=110
audit: type=1400 audit(1485382778.520:29): apparmor="DENIED" operation="open"
profile="/usr/sbin/mysqld" name="/sys/devices/system/node/" pid=752
comm="mysqld" requested_mask="r" denied_mask="r" fsuid=110 ouid=0
On the affected system, there was no noticeable impact (yet?) other than
the denials, so I'd say it's low impact.
On top of the rules mentioned by Kees, adding this one would silence the
other denial:
owner @{PROC}/@{pid}/status r,
Once all 3 rules were added to a test system, no more denials were
logged.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1658233
Title:
missing apparmor rules
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/mysql-5.7/+bug/1658233/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
