group.of.nepali.translators team mailing list archive
-
group.of.nepali.translators team
-
Mailing list archive
-
Message #08914
[Bug 1641285] Re: Hard dependency on apparmor prevents install on SELinux hardened systems
Thank you for the report. I'll supply a patch tomorrow.
** Also affects: mysql-5.7 (Ubuntu Xenial)
Importance: Undecided
Status: New
** Changed in: mysql-5.7 (Ubuntu Xenial)
Status: New => Triaged
** Changed in: mysql-5.7 (Ubuntu Xenial)
Importance: Undecided => High
--
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1641285
Title:
Hard dependency on apparmor prevents install on SELinux hardened
systems
Status in mysql-5.7 package in Ubuntu:
New
Status in mysql-5.7 source package in Xenial:
Triaged
Bug description:
(bug filled as per request on ubuntu-devel-discuss, excerpt of original report follows. Reference:
https://lists.ubuntu.com/archives/ubuntu-devel-discuss/2016-November/017156.html)
This is on "Ubuntu 16.04.1 LTS"
Observed Problem:
-----------------
Trying to install mysql-server and thereby mysql-server-5.7 on a
16.04 LTS system (server-edition) with selinux installed, aborts with
aptitude complaining that "apparmor" is needed, but not to be
installed.
Cycling through the dependency resolution suggestions from aptitude
only offers to either uninstall selinux or not install mysql-server.
(See typescript and versions below)
Expected behaviour:
-------------------
Server / daemon software such as mysql-server should not have a hard
dependency on any specific Linux Security Module, but depend either on
none or on all in a "one of the following needed" fashion.
Steps to reproduce:
-------------------
a) indirect: just review the dependencies of mysql-server-5.7 by any
preferred way
b) direct:
b.1) install selinux and dependencies (note: selinux-policy-ubuntu is
broken and does not install, explicitly select selinux-policy-default
while requesting selinux). No need to actually activate it.
b.2) run "aptitude install mysql-server"
Appendix:
---------
a) Relevant software versions installed:
----------------------------------------
***@ubuntu:~$ dpkg-query -l $(aptitude search '~i selinux' | cut -c 4-30)
Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
||/ Name Version Architecture Description
+++-==========================-==================-==================-=========================================================
ii libselinux1:amd64 2.4-3build2 amd64 SELinux runtime shared libraries
ii python-selinux 2.4-3build2 amd64 Python bindings to SELinux shared libraries
ii python3-selinux 2.4-3build2 amd64 Python3 bindings to SELinux shared libraries
ii selinux 1:0.11 all Security-Enhanced Linux runtime support
ii selinux-basics 0.5.2 all SELinux basic support
ii selinux-policy-default 2:2.20140421-9 all Strict and Targeted variants of the SELinux policy
ii selinux-policy-dev 2:2.20140421-9 all Headers from the SELinux reference policy for building mo
ii selinux-policy-src 2:2.20140421-9 all Source of the SELinux reference policy for customization
ii selinux-utils 2.4-3build2 amd64 SELinux utility programs
***@ubuntu:~$ apt-cache policy selinux mysql-server-5.7 apparmor
selinux:
Installed: 1:0.11
Candidate: 1:0.11
Version table:
*** 1:0.11 500
500 http://de.archive.ubuntu.com/ubuntu xenial/universe amd64 Packages
500 http://de.archive.ubuntu.com/ubuntu xenial/universe i386 Packages
100 /var/lib/dpkg/status
mysql-server-5.7:
Installed: (none)
Candidate: 5.7.16-0ubuntu0.16.04.1
Version table:
5.7.16-0ubuntu0.16.04.1 500
500 http://de.archive.ubuntu.com/ubuntu xenial-updates/main amd64 Packages
500 http://security.ubuntu.com/ubuntu xenial-security/main amd64 Packages
5.7.11-0ubuntu6 500
500 http://de.archive.ubuntu.com/ubuntu xenial/main amd64 Packages
apparmor:
Installed: (none)
Candidate: 2.10.95-0ubuntu2.5
Version table:
2.10.95-0ubuntu2.5 500
500 http://de.archive.ubuntu.com/ubuntu xenial-updates/main amd64 Packages
2.10.95-0ubuntu2 500
500 http://de.archive.ubuntu.com/ubuntu xenial/main amd64 Packages
b) Typescript of failed attempt
-------------------------------
root@ubuntu ~ # se_aptitude --without-recommends install mysql-server
Authenticating ***.
Password:
The following NEW packages will be installed:
apparmor{a} libapparmor-perl{a} libevent-core-2.0-5{a} mysql-client-5.7{a} mysql-client-core-5.7{a} mysql-common{a}
mysql-server mysql-server-5.7{a} mysql-server-core-5.7{a}
The following packages are RECOMMENDED but will NOT be installed:
libhtml-template-perl
0 packages upgraded, 9 newly installed, 0 to remove and 8 not upgraded.
Need to get 18.7 MB of archives. After unpacking 162 MB will be used.
The following packages have unmet dependencies:
selinux : Conflicts: apparmor but 2.10.95-0ubuntu2.5 is to be installed.
The following actions will resolve these dependencies:
Remove the following packages:
1) selinux
Accept this solution? [Y/n/q/?] n
The following actions will resolve these dependencies:
Keep the following packages at their current version:
1) apparmor [Not Installed]
2) mysql-server [Not Installed]
3) mysql-server-5.7 [Not Installed]
Accept this solution? [Y/n/q/?] n
*** No more solutions available ***
The following actions will resolve these dependencies:
Keep the following packages at their current version:
1) apparmor [Not Installed]
2) mysql-server [Not Installed]
3) mysql-server-5.7 [Not Installed]
Accept this solution? [Y/n/q/?] q
Abandoning all efforts to resolve these dependencies.
Abort.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/mysql-5.7/+bug/1641285/+subscriptions
