|
@@ -1,53 +0,0 @@
|
|
|
-# vim:syntax=apparmor
|
|
|
-# Last Modified: Tue Jun 19 17:37:30 2007
|
|
|
-#include <tunables/global>
|
|
|
-
|
|
|
-/usr/sbin/mysqld {
|
|
|
- #include <abstractions/base>
|
|
|
- #include <abstractions/nameservice>
|
|
|
- #include <abstractions/user-tmp>
|
|
|
- #include <abstractions/mysql>
|
|
|
- #include <abstractions/winbind>
|
|
|
-
|
|
|
- capability dac_override,
|
|
|
- capability sys_resource,
|
|
|
- capability setgid,
|
|
|
- capability setuid,
|
|
|
-
|
|
|
- network tcp,
|
|
|
-
|
|
|
- /etc/hosts.allow r,
|
|
|
- /etc/hosts.deny r,
|
|
|
-
|
|
|
- /etc/mysql/*.pem r,
|
|
|
- /etc/mysql/conf.d/ r,
|
|
|
- /etc/mysql/conf.d/* r,
|
|
|
- /etc/mysql/*.cnf r,
|
|
|
- /usr/lib/mysql/plugin/ r,
|
|
|
- /usr/lib/mysql/plugin/*.so* mr,
|
|
|
- /usr/sbin/mysqld mr,
|
|
|
- /usr/share/mysql/** r,
|
|
|
- /var/log/** rwk,
|
|
|
- /var/log/mysql.log rw,
|
|
|
- /var/log/mysql.err rw,
|
|
|
- /var/lib/mysql/ r,
|
|
|
- /var/lib/mysql/** rwk,
|
|
|
- /var/log/mysql/ r,
|
|
|
- /var/log/mysql/* rw,
|
|
|
- /var/run/mysqld/mysqld.pid w,
|
|
|
- /var/run/mysqld/mysqld.sock w,
|
|
|
- /run/mysqld/** rwk,
|
|
|
- /run/mysqld/mysqld.pid w,
|
|
|
- /run/mysqld/mysqld.sock w,
|
|
|
- /ssd/log/mysql.log rw,
|
|
|
- /ssd/log/mysql.err rw,
|
|
|
- /ssd/mysql/ r,
|
|
|
- /ssd/mysql/** rwk,
|
|
|
- /ssd/log/mysql/ r,
|
|
|
- /ssd/log/mysql/* rw,
|
|
|
-
|
|
|
- /sys/devices/system/cpu/ r,
|
|
|
-
|
|
|
- # Site-specific additions and overrides. See local/README for details.
|
|
|
- #include <local/usr.sbin.mysqld>
|
|
|
-}
|