Ubuntu – MySQL won’t start because of AppArmor

I'm trying to install mysql-server-5.7 on Kubuntu 16.04, but I'm having trouble.

sudo apt install mysql-server gives the following output.

Setting up mysql-server-5.7 (5.7.18-0ubuntu0.16.04.1) ...
Renaming removed key_buffer and myisam-recover options (if present)
Job for mysql.service failed because the control process exited with error code. See "systemctl status mysql.service" and "journalctl -xe" for details.
invoke-rc.d: initscript mysql, action "start" failed.
● mysql.service - MySQL Community Server
   Loaded: loaded (/lib/systemd/system/mysql.service; enabled; vendor preset: enabled)
   Active: activating (auto-restart) (Result: exit-code) since ons 2017-05-17 09:48:39 CEST; 10ms ago
  Process: 13622 ExecStartPost=/usr/share/mysql/mysql-systemd-start post (code=exited, status=0/SUCCESS)
  Process: 13621 ExecStart=/usr/sbin/mysqld (code=exited, status=2)
  Process: 13612 ExecStartPre=/usr/share/mysql/mysql-systemd-start pre (code=exited, status=0/SUCCESS)
 Main PID: 13621 (code=exited, status=2)

maj 17 09:48:39 anis systemd[1]: Failed to start MySQL Community Server.
maj 17 09:48:39 anis systemd[1]: mysql.service: Unit entered failed state.
maj 17 09:48:39 anis systemd[1]: mysql.service: Failed with result 'exit-code'.
dpkg: error processing package mysql-server-5.7 (--configure):
 subprocess installed post-installation script returned error exit status 1
dpkg: dependency problems prevent configuration of mysql-server:
 mysql-server depends on mysql-server-5.7; however:
  Package mysql-server-5.7 is not configured yet.

dpkg: error processing package mysql-server (--configure):
 dependency problems - leaving unconfigured
Errors were encountered while processing:
 mysql-server-5.7
 mysql-server
E: Sub-process /usr/bin/dpkg returned an error code (1)

And when trying to troubleshoot by running journalctl -xe I get output like the following, which seems to indicate that AppArmor is giving me trouble.

maj 17 09:53:14 anis systemd[1]: Starting MySQL Community Server...
-- Subject: Unit mysql.service has begun start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- 
-- Unit mysql.service has begun starting up.
maj 17 09:53:14 anis audit[14767]: AVC apparmor="DENIED" operation="open" profile="/usr/sbin/mysqld" name="/proc/14767/status" pid=14767 comm="mysqld" requested_mask="r" denied_mask="r" fsuid=124 ouid=124
maj 17 09:53:14 anis audit[14767]: AVC apparmor="DENIED" operation="open" profile="/usr/sbin/mysqld" name="/sys/devices/system/node/" pid=14767 comm="mysqld" requested_mask="r" denied_mask="r" fsuid=124 ouid=0
maj 17 09:53:14 anis kernel: audit: type=1400 audit(1495007594.314:240): apparmor="DENIED" operation="open" profile="/usr/sbin/mysqld" name="/proc/14767/status" pid=14767 comm="mysqld" requested_mask="r" denied_mask="r" fsuid=124 ouid=124
maj 17 09:53:14 anis kernel: audit: type=1400 audit(1495007594.314:241): apparmor="DENIED" operation="open" profile="/usr/sbin/mysqld" name="/sys/devices/system/node/" pid=14767 comm="mysqld" requested_mask="r" denied_mask="r" fsuid=124 ouid=0
maj 17 09:53:14 anis kernel: audit: type=1400 audit(1495007594.314:242): apparmor="DENIED" operation="open" profile="/usr/sbin/mysqld" name="/proc/14767/status" pid=14767 comm="mysqld" requested_mask="r" denied_mask="r" fsuid=124 ouid=124
maj 17 09:53:14 anis audit[14767]: AVC apparmor="DENIED" operation="open" profile="/usr/sbin/mysqld" name="/proc/14767/status" pid=14767 comm="mysqld" requested_mask="r" denied_mask="r" fsuid=124 ouid=124
maj 17 09:53:14 anis audit[14767]: AVC apparmor="DENIED" operation="open" profile="/usr/sbin/mysqld" name="/proc/14767/task/14767/mem" pid=14767 comm="mysqld" requested_mask="r" denied_mask="r" fsuid=124 ouid=124
maj 17 09:53:14 anis kernel: audit: type=1400 audit(1495007594.658:243): apparmor="DENIED" operation="open" profile="/usr/sbin/mysqld" name="/proc/14767/task/14767/mem" pid=14767 comm="mysqld" requested_mask="r" denied_mask="r" fsuid=124 ouid=124
maj 17 09:53:14 anis systemd[1]: mysql.service: Main process exited, code=exited, status=2/INVALIDARGUMENT

How could I go about solving this issue?

Best Answer

You need to edit your apparmor configuration to let MySQL access those files. The log messages are telling you that /usr/sbin/mysqld needs read (r) access to open /proc/14767/status, /sys/devices/system/node/ (trailing slash because it wants to read the directory), and /proc/14767/task/14767/mem. The file to edit is /etc/apparmor.d/usr.sbin.mysqld.

In my case I solved the problem by adding these lines somewhere in the middle (with two spaces in front of each):

  /proc/*/status r,
  /sys/devices/system/node/ r,
  /sys/devices/system/node/node0/meminfo r,

(Note the trailing slash for the second line.)

After doing that, try starting MySQL, and if you get more errors, add those files too and try again.

Here is an answer I gave to this problem elsewhere.

Best Answer

Related Solutions

Ubuntu – Can’t start MySQL server if the .sock file is changed in /etc/thesql/the.cnf

Ubuntu – Why does mariadb keep dying? How to stop it

Related Question