| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051 |
- # vim:syntax=apparmor
- # Last Modified: Tue Jun 19 17:37:30 2007
- #include <tunables/global>
- /usr/sbin/mysqld {
- #include <abstractions/base>
- #include <abstractions/nameservice>
- #include <abstractions/user-tmp>
- #include <abstractions/mysql>
- #include <abstractions/winbind>
- capability dac_override,
- capability sys_resource,
- capability setgid,
- capability setuid,
- network tcp,
- /etc/hosts.allow r,
- /etc/hosts.deny r,
- /etc/mysql/*.pem r,
- /etc/mysql/conf.d/ r,
- /etc/mysql/conf.d/* r,
- /etc/mysql/*.cnf r,
- /usr/lib/mysql/plugin/ r,
- /usr/lib/mysql/plugin/*.so* mr,
- /usr/sbin/mysqld mr,
- /usr/share/mysql/** r,
- /var/log/mysql.log rw,
- /var/log/mysql.err rw,
- /var/lib/mysql/ r,
- /var/lib/mysql/** rwk,
- /var/log/mysql/ r,
- /var/log/mysql/* rw,
- /var/run/mysqld/mysqld.pid w,
- /var/run/mysqld/mysqld.sock w,
- /run/mysqld/mysqld.pid w,
- /run/mysqld/mysqld.sock w,
- /ssd/log/mysql.log rw,
- /ssd/log/mysql.err rw,
- /ssd/mysql/ r,
- /ssd/mysql/** rwk,
- /ssd/log/mysql/ r,
- /ssd/log/mysql/* rw,
- /sys/devices/system/cpu/ r,
- # Site-specific additions and overrides. See local/README for details.
- #include <local/usr.sbin.mysqld>
- }
|
