411792 – upstream apparmor profile

Bug 411792 - upstream apparmor profile

Summary: upstream apparmor profile

Status:	RESOLVED FIXED

Alias:	None

Product:	Akonadi
Classification:	Frameworks and Libraries
Component:	server (show other bugs)
Version:	unspecified
Platform:	Other Linux

Importance:	NOR normal
Target Milestone:	---
Assignee:	kdepim bugs

URL:
Keywords:

Depends on:
Blocks:

Reported:	2019-09-10 12:32 UTC by Jonathan Riddell
Modified:	2023-04-25 16:41 UTC (History)
CC List:	2 users (show)

See Also:
Latest Commit:
Version Fixed In:
Sentry Crash Report:

Attachments
Add an attachment

Note You need to log in before you can comment on or make changes to this bug.

Description Jonathan Riddell 2019-09-10 12:32:00 UTC

There is an Apparmor profile used by debian,ubuntu, kdeneon and it would make sense to have that in KDE akonadi git for common good and easier maintainance.

The cmake could have a switch -DAPPARMOR=true
which would set -DMYSQLD_EXECUTABLE:STRING=/usr/sbin/mysqld-akonadi 
it would make -DMYSQLD_EXECUTABLE:STRING=/usr/sbin/mysqld-akonadi a symlink to /usr/sbin/mysql

it would install the apparmor profile and do whatever dh_apparmor does to add an extra link and reload it

https://packaging.neon.kde.org/kde/akonadi.git/tree/debian/usr.sbin.mysqld-akonadi?h=Neon/unstable



contact Jamie S from canonical for help

Comment 1 Christophe Marin 2019-09-10 16:04:24 UTC

Well no, it doesn't make sense for the other distributions.

Distro specific hacks shall be added by distributions

Comment 2 Sandro Knauß 2019-09-12 14:19:57 UTC

(In reply to Christophe Giboudeaux from comment #1)
> Well no, it doesn't make sense for the other distributions.
> 
> Distro specific hacks shall be added by distributions

You are right Distro specific hacks should not enter upstream. But this bug report is about getting AppArmor profile into upstream.

I now found a solution to get rid of this symlink and we are able to express everything, we need in Apparmor directly, by using the Px to have a decidated mysql prfile for akonadi.

Comment 3 Sandro Knauß 2019-09-12 14:20:37 UTC

Upps forgotten the link to Differential: https://phabricator.kde.org/D23908

Comment 4 Christophe Marin 2019-09-12 14:23:12 UTC

"mysqld-akonadi" *is* a distro hack

Comment 5 Sandro Knauß 2019-09-12 14:46:37 UTC

(In reply to Christophe Giboudeaux from comment #4)
> "mysqld-akonadi" *is* a distro hack

Have you looked at the Differential?

There mysqld_akonadi is just a name for a mysqld profile, that is used by Akonadi, that has nothing to do with any Distribution.

The initial comment from Jonathan had another distro hack with symlink. But having different profiles for one application is a common thing done in AppArmor and this is needed. As a mysqld runs globally needs other permissions than the instance created by Akonadi.

Comment 6 Christophe Marin 2019-09-12 15:17:15 UTC

Well, it's still only useful for debian and its various forks (ubuntu, neon...)

Comment 7 Sandro Knauß 2019-09-12 15:23:53 UTC

(In reply to Christophe Giboudeaux from comment #6)
> Well, it's still only useful for debian and its various forks (ubuntu,
> neon...)

No - it is useful for everyone who is using AppArmor or pinpoint me to parts, that are distro specific, so I can fix those parts.

Comment 8 Carl Schwan 2023-04-25 16:41:17 UTC

Closing as the relevant phabricator diff was merged