Å×½ºÆ® ȯ°æ : Ubuntu 16.04 LTS
# mysql -V
mysql Ver 14.14 Distrib 5.7.16, for Linux (x86_64) using EditLine wrapper
Áõ»ó : mysql datadir º¯°æÀ» À§ÇØ mysql.conf ÆÄÀÏÀ» ¼öÁ¤ÈÄ µ¥¸óÀ» Àç½ÃÀÛÇÏ´Â °úÁ¤¿¡¼ ¾Æ·¡¿Í °°Àº ¿¡·¯¹ß»ý
# tail -f /var/log/mysql/error.log
2016-12-14T05:02:36.050835Z 0 [Warning] Changed limits: max_open_files: 1024 (requested 5000)
2016-12-14T05:02:36.050880Z 0 [Warning] Changed limits: table_open_cache: 431 (requested 2000)
2016-12-14T05:02:36.206919Z 0 [Warning] TIMESTAMP with implicit DEFAULT value is deprecated. Please use --explicit_defaults_for_timestamp server option (see documentation for more details).
2016-12-14T05:02:36.207217Z 0 [Warning] Can't create test file /mnt/mysql/leekh-vm46.lower-test
2016-12-14T05:02:36.207249Z 0 [Note] /usr/sbin/mysqld (mysqld 5.7.16-0ubuntu0.16.04.1) starting as process 30872 ...
2016-12-14T05:02:36.210197Z 0 [Warning] Can't create test file /mnt/mysql/leekh-vm46.lower-test
2016-12-14T05:02:36.210226Z 0 [Warning] Can't create test file /mnt/mysql/leekh-vm46.lower-test
2016-12-14T05:02:36.212774Z 0 [Note] InnoDB: PUNCH HOLE support available
2016-12-14T05:02:36.212821Z 0 [Note] InnoDB: Mutexes and rw_locks use GCC atomic builtins
2016-12-14T05:02:36.212847Z 0 [Note] InnoDB: Uses event mutexes
2016-12-14T05:02:36.212865Z 0 [Note] InnoDB: GCC builtin __atomic_thread_fence() is used for memory barrier
2016-12-14T05:02:36.212882Z 0 [Note] InnoDB: Compressed tables use zlib 1.2.8
2016-12-14T05:02:36.212918Z 0 [Note] InnoDB: Using Linux native AIO
2016-12-14T05:02:36.213215Z 0 [Note] InnoDB: Number of pools: 1
2016-12-14T05:02:36.213366Z 0 [Note] InnoDB: Using CPU crc32 instructions
2016-12-14T05:02:36.214971Z 0 [Note] InnoDB: Initializing buffer pool, total size = 128M, instances = 1, chunk size = 128M
2016-12-14T05:02:36.224290Z 0 [Note] InnoDB: Completed initialization of buffer pool
2016-12-14T05:02:36.226654Z 0 [Note] InnoDB: If the mysqld execution user is authorized, page cleaner thread priority can be changed. See the man page of setpriority().
2016-12-14T05:02:36.236736Z 0 [ERROR] InnoDB: The innodb_system data file 'ibdata1' must be writable
2016-12-14T05:02:36.236801Z 0 [ERROR] InnoDB: The innodb_system data file 'ibdata1' must be writable
2016-12-14T05:02:36.236820Z 0 [ERROR] InnoDB: Plugin initialization aborted with error Generic error
2016-12-14T05:02:36.837736Z 0 [ERROR] Plugin 'InnoDB' init function returned error.
2016-12-14T05:02:36.837896Z 0 [ERROR] Plugin 'InnoDB' registration as a STORAGE ENGINE failed.
2016-12-14T05:02:36.837946Z 0 [ERROR] Failed to initialize plugins.
2016-12-14T05:02:36.837989Z 0 [ERROR] Aborting
2016-12-14T05:02:36.838038Z 0 [Note] Binlog end
2016-12-14T05:02:36.838186Z 0 [Note] Shutting down plugin 'CSV'
2016-12-14T05:02:36.838250Z 0 [Note] Shutting down plugin 'MyISAM'
2016-12-14T05:02:36.838808Z 0 [Note] /usr/sbin/mysqld: Shutdown complete
# dmess -T
[Wed Dec 14 14:00:03 2016] audit: type=1400 audit(1481691603.708:3941): apparmor="DENIED" operation="mknod" profile="/usr/sbin/mysqld" name="/mnt/mysql/leekh-vm46.lower-test" pid=30428 comm="mysqld" requested_mask="c" denied_mask="c" fsuid=111 ouid=111
[Wed Dec 14 14:00:03 2016] audit: type=1400 audit(1481691603.708:3942): apparmor="DENIED" operation="mknod" profile="/usr/sbin/mysqld" name="/mnt/mysql/leekh-vm46.lower-test" pid=30428 comm="mysqld" requested_mask="c" denied_mask="c" fsuid=111 ouid=111
[Wed Dec 14 14:00:03 2016] audit: type=1400 audit(1481691603.736:3943): apparmor="DENIED" operation="open" profile="/usr/sbin/mysqld" name="/mnt/mysql/ibdata1" pid=30428 comm="mysqld" requested_mask="wr" denied_mask="wr" fsuid=111 ouid=111
:: aa-status - Displays various information about the currently loaded AppArmor policy.
# aa-status
apparmor module is loaded.
13 profiles are loaded.
13 profiles are in enforce mode.
/sbin/dhclient
/usr/bin/lxc-start
/usr/bin/ubuntu-core-launcher
/usr/lib/NetworkManager/nm-dhcp-client.action
/usr/lib/NetworkManager/nm-dhcp-helper
/usr/lib/connman/scripts/dhclient-script
/usr/lib/lxd/lxd-bridge-proxy
/usr/sbin/mysqld
/usr/sbin/tcpdump
lxc-container-default
lxc-container-default-cgns
lxc-container-default-with-mounting
lxc-container-default-with-nesting
0 profiles are in complain mode.
2 processes have profiles defined.
2 processes are in enforce mode.
/sbin/dhclient (951)
/sbin/dhclient (1010)
0 processes are in complain mode.
0 processes are unconfined but have a profile defined.
Á¶Ä¡
¹æ¹ý1) mysql ¼ºñ½º Apparmor º¸¾ÈÁ¤Ã¥ disable
# apt install apparmor-utils
# aa-disable /etc/apparmor.d/usr.sbin.mysqld
Disabling /etc/apparmor.d/usr.sbin.mysqld.
# aa-status
apparmor module is loaded.
12 profiles are loaded.
12 profiles are in enforce mode.
/sbin/dhclient
/usr/bin/lxc-start
/usr/bin/ubuntu-core-launcher
/usr/lib/NetworkManager/nm-dhcp-client.action
/usr/lib/NetworkManager/nm-dhcp-helper
/usr/lib/connman/scripts/dhclient-script
/usr/lib/lxd/lxd-bridge-proxy
/usr/sbin/tcpdump
lxc-container-default
lxc-container-default-cgns
lxc-container-default-with-mounting
lxc-container-default-with-nesting
0 profiles are in complain mode.
2 processes have profiles defined.
2 processes are in enforce mode.
/sbin/dhclient (951)
/sbin/dhclient (1010)
0 processes are in complain mode.
0 processes are unconfined but have a profile defined.
¹æ¹ý2) Apparmor ¼ºñ½º¿¡ mysql µð·ºÅ丮 º¯°æ
# vim /etc/apparmor.d/usr.sbin/mysqld
# Allow data dir access
# ÁÖ¼®Ã³¸® /var/lib/mysql/ r,
# ÁÖ¼®Ã³¸® /var/lib/mysql/** rwk,
/mnt/mysql/ r,
/mnt/mysql/** rwk,
# service apparmor restart
# service mysql start
