[Lxc-users] MySQL SSL and apparmor
TuxRaiderPen
tuxraiderpen at wpascanner.com
Wed Sep 5 12:47:18 UTC 2012
I am trying to enable SSL for MySQL in my LAMP server container.
I followed:
https://mifosforge.jira.com/wiki/display/MIFOS/How+to+enable+MySQL+SSL+on+Ubuntu
Went through all the key steps.
But still no SSL...
mysql> show variables like "%ssl%";
+---------------+----------------------------+
| Variable_name | Value                      |
+---------------+----------------------------+
| have_openssl  | DISABLED                   |
| have_ssl      | DISABLED                   |
| ssl_ca        | /etc/mysql/ca-cert.pem     |
| ssl_capath    |                            |
| ssl_cert      | /etc/mysql/server-cert.pem |
| ssl_cipher    |                            |
| ssl_key       | /etc/mysql/server-key.pem  |
+---------------+----------------------------+
7 rows in set (0.08 sec)
mysql>
So I looked around and found
http://ubuntuforums.org/showthread.php?t=1121458
which looks like the solution: that apparmor is blocking this.
So I edited
/etc/apparmor.d/usr.sbin.mysqld
ubuntu@LAMPServer:~$ more /etc/apparmor.d/usr.sbin.mysqld
# vim:syntax=apparmor
# Last Modified: Tue Jun 19 17:37:30 2007
#include <tunables/global>
/usr/sbin/mysqld {
  #include <abstractions/base>
  #include <abstractions/nameservice>
  #include <abstractions/user-tmp>
  #include <abstractions/mysql>
  #include <abstractions/winbind>
  capability dac_override,
  capability sys_resource,
  capability setgid,
  capability setuid,
  network tcp,
  /etc/hosts.allow r,
  /etc/hosts.deny r,
  /etc/mysql/*.pem r,
  /etc/mysql/*.crt r,
  /etc/mysql/*.key r,
  /etc/mysql/conf.d/ r,
  /etc/mysql/conf.d/* r,
  /etc/mysql/*.cnf r,
  /usr/lib/mysql/plugin/ r,
  /usr/lib/mysql/plugin/*.so* mr,
  /usr/sbin/mysqld mr,
  /usr/share/mysql/** r,
  /var/log/mysql.log rw,
  /var/log/mysql.err rw,
  /var/lib/mysql/ r,
  /var/lib/mysql/** rwk,
  /var/log/mysql/ r,
  /var/log/mysql/* rw,
  /var/run/mysqld/mysqld.pid w,
  /var/run/mysqld/mysqld.sock w,
  /run/mysqld/mysqld.pid w,
  /run/mysqld/mysqld.sock w,
  /sys/devices/system/cpu/ r,
  # Site-specific additions and overrides. See local/README for details.
  #include <local/usr.sbin.mysqld>
}
ubuntu@LAMPServer:~$
Still disabled....
Ok reload the profiles...
Ok... none of the commands I have for that seem to work...
ubuntu@LAMPServer:~$ sudo service apparmor restart
[sudo] password for ubuntu:
apparmor: unrecognized service
ubuntu@LAMPServer:~$ sudo apparmor_status
sudo: apparmor_status: command not found
ubuntu@LAMPServer:~$ sudo apparmor_status
sudo: apparmor_status: command not found
ubuntu@LAMPServer:~$ sudo invoke-rc.d apparmor reload
invoke-rc.d: unknown initscript, /etc/init.d/apparmor not found.
ubuntu@LAMPServer:~$ sudo apparmor_parser -r /etc/apparmor.d/usr.sbin.mysqld
sudo: apparmor_parser: command not found
ubuntu@LAMPServer:~$
Short of shutting the container down and restarting, which doesn't seem very
"Linux-y"???
Clues, hints, clubs, tar, pitchfork...???
Thanks!