I freaking hate AppArmor! Of course only because I don't want to be bothered when an update makes a mess of it - I really don't know how it works but I don't want to need to know either. Some months ago I tried out Logitech Media Server on my box, and it screwed it up big time. Now it seems there has been an update, so it doesn't accept symlinks anymore. It seems logical that it shouldn't, but Ubuntu could have done a better job fixing it - or maybe it's because I had already edited it, that it didn't get updated..? A search
lead me to an issue at Launchpad
about it, but I've only skimmed through it.
Anyways, today when I rebooted MySQL wouldn't run and /var/log/syslog was filled with entries like this:
Mar 30 11:55:31 tanghus kernel: [ 1309.198481] type=1400 audit(1333101331.343:97): apparmor="DENIED" operation="mknod" parent=1 profile="/usr/sbin/mysqld" name="/run/mysqld/mysqld.sock" pid=7192 comm="mysqld" requested_mask="c" denied_mask="c" fsuid=114 ouid=114
Mar 30 11:55:36 tanghus kernel: [ 1314.463559] init: mysql main process (7192) terminated with status 1
Mar 30 11:55:36 tanghus kernel: [ 1314.463606] init: mysql main process ended, respawning
Mar 30 11:56:01 tanghus kernel: [ 1339.105333] init: mysql post-start process (7194) terminated with status 1
Mar 30 11:56:01 tanghus kernel: [ 1339.111425] type=1400 audit(1333101361.335:98): apparmor="STATUS" operation="profile_replace" name="/usr/sbin/mysqld" pid=7291 comm="apparmor_parser"
To fix it edit
and replace the lines:
and restart mysql by running
sudo service mysql restart
- if it doesn't respawn by itself. AppArmor should automagically refresh from the change of it's configuration file, otherwise run
sudo service apparmor restart