← Back to team overview

group.of.nepali.translators team mailing list archive

[Bug 1641285] Re: Hard dependency on apparmor prevents install on SELinux hardened systems

 

Thank you for the report. I'll supply a patch tomorrow.

** Also affects: mysql-5.7 (Ubuntu Xenial)
   Importance: Undecided
       Status: New

** Changed in: mysql-5.7 (Ubuntu Xenial)
       Status: New => Triaged

** Changed in: mysql-5.7 (Ubuntu Xenial)
   Importance: Undecided => High

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1641285

Title:
  Hard dependency on apparmor prevents install on SELinux hardened
  systems

Status in mysql-5.7 package in Ubuntu:
  New
Status in mysql-5.7 source package in Xenial:
  Triaged

Bug description:
  (bug filled as per request on ubuntu-devel-discuss, excerpt of original report follows.  Reference:
  https://lists.ubuntu.com/archives/ubuntu-devel-discuss/2016-November/017156.html)

  This is on "Ubuntu 16.04.1 LTS"

  Observed Problem:
  -----------------

  Trying to install mysql-server and thereby mysql-server-5.7 on a
  16.04 LTS system (server-edition) with selinux installed, aborts with
  aptitude complaining that "apparmor" is needed, but not to be
  installed.

  Cycling through the dependency resolution suggestions from aptitude
  only offers to either uninstall selinux or not install mysql-server.

  (See typescript and versions below)

  
  Expected behaviour:
  -------------------

  Server / daemon software such as mysql-server should not have a hard
  dependency on any specific Linux Security Module, but depend either on
  none or on all in a "one of the following needed" fashion.

  
  Steps to reproduce:
  -------------------

  a) indirect: just review the dependencies of mysql-server-5.7 by any
     preferred way

  b) direct:

  b.1) install selinux and dependencies (note: selinux-policy-ubuntu is
  broken and does not install, explicitly select selinux-policy-default
  while requesting selinux).  No need to actually activate it.

  b.2) run "aptitude install mysql-server"

  
  Appendix:
  ---------

  a) Relevant software versions installed:
  ----------------------------------------

  ***@ubuntu:~$ dpkg-query -l $(aptitude search '~i selinux' | cut -c 4-30)
  Desired=Unknown/Install/Remove/Purge/Hold
  | Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
  |/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
  ||/ Name                       Version            Architecture       Description
  +++-==========================-==================-==================-=========================================================
  ii  libselinux1:amd64          2.4-3build2        amd64              SELinux runtime shared libraries
  ii  python-selinux             2.4-3build2        amd64              Python bindings to SELinux shared libraries
  ii  python3-selinux            2.4-3build2        amd64              Python3 bindings to SELinux shared libraries
  ii  selinux                    1:0.11             all                Security-Enhanced Linux runtime support
  ii  selinux-basics             0.5.2              all                SELinux basic support
  ii  selinux-policy-default     2:2.20140421-9     all                Strict and Targeted variants of the SELinux policy
  ii  selinux-policy-dev         2:2.20140421-9     all                Headers from the SELinux reference policy for building mo
  ii  selinux-policy-src         2:2.20140421-9     all                Source of the SELinux reference policy for customization
  ii  selinux-utils              2.4-3build2        amd64              SELinux utility programs
  ***@ubuntu:~$ apt-cache policy selinux mysql-server-5.7 apparmor
  selinux:
    Installed: 1:0.11
    Candidate: 1:0.11
    Version table:
   *** 1:0.11 500
          500 http://de.archive.ubuntu.com/ubuntu xenial/universe amd64 Packages
          500 http://de.archive.ubuntu.com/ubuntu xenial/universe i386 Packages
          100 /var/lib/dpkg/status
  mysql-server-5.7:
    Installed: (none)
    Candidate: 5.7.16-0ubuntu0.16.04.1
    Version table:
       5.7.16-0ubuntu0.16.04.1 500
          500 http://de.archive.ubuntu.com/ubuntu xenial-updates/main amd64 Packages
          500 http://security.ubuntu.com/ubuntu xenial-security/main amd64 Packages
       5.7.11-0ubuntu6 500
          500 http://de.archive.ubuntu.com/ubuntu xenial/main amd64 Packages
  apparmor:
    Installed: (none)
    Candidate: 2.10.95-0ubuntu2.5
    Version table:
       2.10.95-0ubuntu2.5 500
          500 http://de.archive.ubuntu.com/ubuntu xenial-updates/main amd64 Packages
       2.10.95-0ubuntu2 500
          500 http://de.archive.ubuntu.com/ubuntu xenial/main amd64 Packages

  
  b) Typescript of failed attempt
  -------------------------------

  root@ubuntu ~ # se_aptitude --without-recommends install mysql-server
  Authenticating ***.
  Password:
  The following NEW packages will be installed:
    apparmor{a} libapparmor-perl{a} libevent-core-2.0-5{a} mysql-client-5.7{a} mysql-client-core-5.7{a} mysql-common{a}
    mysql-server mysql-server-5.7{a} mysql-server-core-5.7{a}
  The following packages are RECOMMENDED but will NOT be installed:
    libhtml-template-perl
  0 packages upgraded, 9 newly installed, 0 to remove and 8 not upgraded.
  Need to get 18.7 MB of archives. After unpacking 162 MB will be used.
  The following packages have unmet dependencies:
   selinux : Conflicts: apparmor but 2.10.95-0ubuntu2.5 is to be installed.
  The following actions will resolve these dependencies:

       Remove the following packages:
  1)     selinux

  Accept this solution? [Y/n/q/?] n
  The following actions will resolve these dependencies:

       Keep the following packages at their current version:
  1)     apparmor [Not Installed]
  2)     mysql-server [Not Installed]
  3)     mysql-server-5.7 [Not Installed]

  Accept this solution? [Y/n/q/?] n

  *** No more solutions available ***

  The following actions will resolve these dependencies:

       Keep the following packages at their current version:
  1)     apparmor [Not Installed]
  2)     mysql-server [Not Installed]
  3)     mysql-server-5.7 [Not Installed]

  Accept this solution? [Y/n/q/?] q
  Abandoning all efforts to resolve these dependencies.
  Abort.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/mysql-5.7/+bug/1641285/+subscriptions