Public bug reported:

Ubuntu's systemd implementation is passing a relative path for the systemd-notify socket 'run/systemd/notify' into the environment of the mariadb.service unit-file. This breaks apparmor, since apparmor profile rules require an absolute path '/run/systemd/notify rw,'.

Please fix this so I can enforce an apparmor profile with mariadb.

Nota Bene: the mysql-server package doesn't have this problem. As far as I can tell, this is because that package doesn't interact with the systemd-notify socket, but I could be wrong.

I spoke with some patrons of #systemd on irc.freenode.net who claim this is a bug in Ubuntu's systemd implementation, stating that it shouldn't pass a relative path to the /run/systemd/notify socket.

Thanks for your maintenance. Systemd sucks but apparmor is cool. Since your distro integrates both of these technologies, please fix this bug.

Thank you,
Matt Rush OSCP, OSCE

ProblemType: Bug
DistroRelease: Ubuntu 18.04
Package: systemd 237-3ubuntu10.4
ProcVersionSignature: Ubuntu 4.15.0-1025.25-aws 4.15.18
Uname: Linux 4.15.0-1025-aws x86_64
ApportVersion: 2.20.9-0ubuntu7.4
Architecture: amd64
Date: Wed Dec 5 17:35:09 2018
Ec2AMI: ami-0ac019f4fcb7cb7e6
Ec2AMIManifest: (unknown)
Ec2AvailabilityZone: us-east-1b
Ec2InstanceType: t2.medium
Ec2Kernel: unavailable
Ec2Ramdisk: unavailable
Lsusb: Error: command ['lsusb'] failed with exit code 1:
MachineType: Xen HVM domU
ProcEnviron:
 TERM=xterm-256color
 PATH=(custom, no user)
 LANG=en_US.UTF-8
 SHELL=/bin/bash
ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-4.15.0-1025-aws root=UUID=bbf64c6d-bc15-4ae0-aa4c-608fd9820d95 ro console=tty1 console=ttyS0 nvme.io_timeout=4294967295
SourcePackage: systemd
UpgradeStatus: No upgrade log present (probably fresh install)
dmi.bios.date: 08/24/2006
dmi.bios.vendor: Xen
dmi.bios.version: 4.2.amazon
dmi.chassis.type: 1
dmi.chassis.vendor: Xen
dmi.modalias: dmi:bvnXen:bvr4.2.amazon:bd08/24/2006:svnXen:pnHVMdomU:pvr4.2.amazon:cvnXen:ct1:cvr:
dmi.product.name: HVM domU
dmi.product.version: 4.2.amazon
dmi.sys.vendor: Xen

** Affects: systemd (Ubuntu)
     Importance: Undecided
         Status: New

** Tags: amd64 apport-bug bionic ec2-images

--
You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1807057

Title:
  Systemd passes a relative path to the unit-file for mariadb.service, which breaks apparmor.

--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com