Today’s fun was with apparmor. What was a simple MySQL statement to load a bunch of data from a file to a database:
mysql> LOAD DATA INFILE '/var/tmp/some_log_file'
-> INTO TABLE entries
-> FIELDS TERMINATED BY ',';
ERROR 29 (HY000): File '/var/tmp/cosmote.ro.osn1z0.web_access.log.0.4' not found (Errcode: 13)
… was constantly failing for no good reason. It took something like 30′ of pointless online searching until it hit me:
# tail -0f /var/log/syslog
Feb 8 19:11:44 hs21-a kernel: [15359.215686] type=1400 audit(1328721104.742:113): apparmor="DENIED" operation="open" parent=1 profile="/usr/sbin/mysqld" name="/var/tmp/cosmote.ro.osn1z0.web_access.log.0.4" pid=15623 comm="mysqld" requested_mask="r" denied_mask="r" fsuid=105 ouid=0
Well I guess it’s just like SELinux. There is a parallel universe out there where apparmor just works. Just not this one.