如何在Ubuntu上为mysql获取正确的AppArmor配置文件?

前端之家收集整理的这篇文章主要介绍了如何在Ubuntu上为mysql获取正确的AppArmor配置文件?前端之家小编觉得挺不错的,现在分享给大家,也给大家做个参考。
我想我有一个旧的个人资料(复制如下).

我不知道在哪里寻找正确的配置文件.

是否有标准apparmor配置文件的权威来源 – 或者它是否在mysql代码中?

是否有更新配置文件的标准方法或我必须手动弄清楚它应该是什么?

例如

sudo apparmor get-updated-profile-for MysqL

MysqL 5.7 / Ubuntu 16.04

目前:

/etc/apparmor.d$cat usr.sbin.MysqLd 
# vim:Syntax=apparmor
# Last Modified: Tue Jun 19 17:37:30 2007
#include <tunables/global>

/usr/sbin/MysqLd {
#include <abstractions/base>
#include <abstractions/nameservice>
#include <abstractions/user-tmp>
#include <abstractions/MysqL>
#include <abstractions/winbind>

capability dac_override,capability sys_resource,capability setgid,capability setuid,network tcp,/etc/hosts.allow r,/etc/hosts.deny r,/etc/MysqL/*.pem r,/etc/MysqL/conf.d/ r,/etc/MysqL/conf.d/* r,/etc/MysqL/*.cnf r,/usr/lib/MysqL/plugin/ r,/usr/lib/MysqL/plugin/*.so* mr,/usr/sbin/MysqLd mr,/usr/share/MysqL/** r,/var/log/MysqL.log rw,/var/log/MysqL.err rw,/var/lib/MysqL/ r,/var/lib/MysqL/** rwk,/var/log/MysqL/ r,/var/log/MysqL/* rw,/var/run/MysqLd/MysqLd.pid rw,/var/run/MysqLd/MysqLd.sock w,/var/run/MysqLd/MysqLd.sock.lock rw,/run/MysqLd/MysqLd.pid rw,/run/MysqLd/MysqLd.sock w,/run/MysqLd/MysqLd.sock.lock rw,/sys/devices/system/cpu/ r,# Site-specific additions and overrides. See local/README for details.
#include <local/usr.sbin.MysqLd>
}
好的 – 所以启动一个干净的ubuntu服务器并安装MysqL似乎是获得’正确’配置文件的合理方法.目前如下:
# vim:Syntax=apparmor
# Last Modified: Tue Feb 09 15:28:30 2016
#include <tunables/global>

/usr/sbin/MysqLd {
  #include <abstractions/base>
  #include <abstractions/nameservice>
  #include <abstractions/user-tmp>
  #include <abstractions/MysqL>
  #include <abstractions/winbind>

# Allow system resource access
  /sys/devices/system/cpu/ r,capability dac_override,# Allow network access
  network tcp,# Allow config access
  /etc/MysqL/** r,# Allow pid,socket,socket lock file access
  /var/run/MysqLd/MysqLd.pid rw,/var/run/MysqLd/MysqLd.sock rw,/run/MysqLd/MysqLd.sock rw,# Allow execution of server binary
  /usr/sbin/MysqLd mr,/usr/sbin/MysqLd-debug mr,# Allow plugin access
  /usr/lib/MysqL/plugin/ r,# Allow error msg and charset access
  /usr/share/MysqL/ r,# Allow data dir access
  /var/lib/MysqL/ r,# Allow data files dir access
  /var/lib/MysqL-files/ r,/var/lib/MysqL-files/** rwk,# Allow keyring dir access
  /var/lib/MysqL-keyring/ r,/var/lib/MysqL-keyring/** rwk,# Allow log file access
  /var/log/MysqL.err rw,/var/log/MysqL/** rw,# Site-specific additions and overrides. See local/README for details.
  #include <local/usr.sbin.MysqLd>
}
原文链接:https://www.f2er.com/ubuntu/347842.html

猜你在找的Ubuntu相关文章