Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

AppArmor makes it impossible to LOAD DATA INFILE from outside its designated directories; there should be a way to add CSV import directories to the AppArmor config or disable AppArmor entirely #477

Open
ExplodingCabbage opened this issue Sep 15, 2016 · 6 comments
Open

AppArmor makes it impossible to LOAD DATA INFILE from outside its designated directories; there should be a way to add CSV import directories to the AppArmor config or disable AppArmor entirely #477

ExplodingCabbage opened this issue Sep 15, 2016 · 6 comments
Labels
Bug Something isn't working hacktoberfest An issue highlighted for the digital ocean Hacktoberfest Event

Comments

@ExplodingCabbage
Copy link
Contributor

Cookbook version

Actually my own fork, but this issue should equally apply to the current master here

Chef-client version

Whatever AWS OpsWorks uses

Platform Details

AWS, Ubuntu 16.04

Scenario:

Use LOAD DATA INFILE to load CSVs that are located somewhere outside MySQL's data directory

Steps to Reproduce:

Provision a box with a recipe that invokes the mysql_service resource, then call LOAD DATA INFILE

Expected Result:

LOAD DATA INFILE works

Actual Result:

AppArmor blocks the LOAD DATA INFILE call.
@cheeseplus
Copy link

This seems more related to AppArmor than the duties of the cookbook itself, can this be composed via https://github.com/chef-cookbooks/apparmor?

@nvidhive
Copy link

As of MySQL 5.7, this would be required anyways unless you disable secure-file-priv it by passing the variable to the conf as NULL, and notify a restart: https://dev.mysql.com/doc/refman/5.7/en/server-system-variables.html#sysvar_secure_file_priv

@ExplodingCabbage
Copy link
Contributor Author

This seems more related to AppArmor than the duties of the cookbook itself, can this be composed via https://github.com/chef-cookbooks/apparmor?

How so? It's this cookbook that's creating the AppArmor policy that blocks the LOAD DATA INFILE statement.

@github-actions
Copy link

Marking stale due to inactivity. Remove stale label or comment or this will be closed in 7 days. Alternatively drop by the #sous-chefs channel on the Chef Community Slack and we'll be happy to help! Thanks, Sous-Chefs.

@github-actions github-actions bot added the Stale label Sep 30, 2020
@xorimabot xorimabot removed the Stale label Sep 30, 2020
@ramereth ramereth added hacktoberfest An issue highlighted for the digital ocean Hacktoberfest Event Stale This is marked as stale and will be closed shortly labels Oct 4, 2020
@github-actions
Copy link

Closing due to inactivity. If this is still an issue please reopen or open another issue. Alternatively drop by the #sous-chefs channel on the Chef Community Slack and we'll be happy to help! Thanks, Sous-Chefs.

@deargle
Copy link

deargle commented Oct 22, 2020

This is a hack, but I'm calling the apparmor cookbook immediately after creating the mysql_service:

mysql_service 'default' do
  initial_root_password "#{node[:mysql][:root_password]}"
  bind_address '0.0.0.0'
  port '3306'
  action [:create, :start]
end

include_recipe 'apparmor::default'

... since it's in the mysql_service create function that apparmor gets set up by mysql. Where calling that recipe unloads all apparmor profiles and completely removes apparmor, because I have this attribute set:

default[:apparmor][:disable] = true

@ramereth ramereth reopened this Oct 22, 2020
@ramereth ramereth added Bug Something isn't working and removed Stale This is marked as stale and will be closed shortly labels Oct 22, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Bug Something isn't working hacktoberfest An issue highlighted for the digital ocean Hacktoberfest Event
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
7 participants
@ramereth @cheeseplus @nvidhive @deargle @ExplodingCabbage @kitchen-porter @xorimabot