How can I use docker without sudo?

Question

Hooman Bahreini

Asked: 2019-05-20 04:55:22 +0800 CST2019-05-20 04:55:22 +0800 CST 2019-05-20 04:55:22 +0800 CST

How to disable AppArmor for MySQL

772

I have followed the instructions here to set up a Galera cluster. The instruction says I need to disable appArmor:

Disabling AppArmor

By default, some servers—for instance, Ubuntu—include AppArmor, which may prevent mysqld from opening additional ports or running scripts. You must disable AppArmor or configure it to allow mysqld...

So I followed the instructions and executed, the following commands:

sudo ln -s /etc/apparmor.d/usr /etc/apparmor.d/disable/.sbin.mysqld
sudo service apparmor restart

I have completed the cluster configuration. But I am not sure if I have correctly disabled the AppArmor, because when I run:

sudo aa-status

I get:

... some more output here
2 processes have profiles defined.
1 processes are in enforce mode.
   /usr/sbin/mysqld (1938)
1 processes are in complain mode.
snap.amazon-ssm-agent.amazon-ssm-agent (1295)
0 processes are unconfined but have a profile defined.

I see mysqld is in enforce mode... what does this mean? Does it mean AppArmor is disabled for MySQL? Is it possible to disable AppArmor all together?

2 Answers

Voted

George Udosen · Answer 1 · 2019-05-20T07:20:29+08:00

AppArmor confinement is provided via profiles loaded into the kernel, typically on boot. AppArmor profiles can be in one of two modes: enforcement and complain. Profiles loaded in enforcement mode will result in enforcement of the policy defined in the profile as well as reporting policy violation attempts (either via syslog or auditd). Profiles in complain mode will not enforce policy but instead report policy violation attempts.

"What does it mean?"; It means restrictions for the AppArmor profile for mysql will be enforced.

"Can it be disabled"; yes it can, how:

sudo ln -s /etc/apparmor.d/{profile.name-here} /etc/apparmor.d/disable/    
sudo apparmor_parser -R /etc/apparmor.d/{profile.name-name-here}

Example:

sudo ln -s /etc/apparmor.d/usr.sbin.mysqld /etc/apparmor.d/disable/
sudo apparmor_parser -R /etc/apparmor.d/usr.sbin.mysqld

Then run the command sudo aa-status to see if the mysql profile is loaded.

To re-enable:

sudo rm /etc/apparmor.d/disable/usr.sbin.mysqld
sudo apparmor_parser -r /etc/apparmor.d/usr.sbin.mysqld
sudo aa-status

See:

https://www.cyberciti.biz/faq/ubuntu-linux-howto-disable-apparmor-commands/

https://wiki.ubuntu.com/AppArmor

https://help.ubuntu.com/community/AppArmor

rjose · Answer 2 · 2020-07-27T01:18:35+08:00

rjose

2020-07-27T01:18:35+08:002020-07-27T01:18:35+08:00

If you're getting an error in 20.04 when storing a password in a keychain, that's AppArmor securing snap applications.

You can fix this by clicking "Permissions" in Ubuntu Software when viewing the MySQL Workbench app. Turn on the reading/writing passwords permission.

15

How to disable AppArmor for MySQL

How to install Google Chrome

Is there a command to list all users? Also to add, delete, modify users, in the terminal?

How to delete a non-empty directory in Terminal?

How to unzip a zip file from the Terminal?

How can I copy the contents of a folder to another folder in a different directory using terminal?

How do I install a .deb file via the command line?

How do I run .sh scripts?

How do I install a .tar.gz (or .tar.bz2) file?

How to list all installed packages

Unable to lock the administration directory (/var/lib/dpkg/) is another process using it?