Somehow AppArmor got FUBARd

[RonRN18]

I tried to log in to ZoneMinder (latest version on Ubuntu 22.04.3) and got an error saying that it could not connect to the database. I looked to see services and initially I saw that MySQL was running but then I noticed that AppArmor was NOT running and this was related to MySQL. I looked up logs for AppArmor and see:

Code: Select all

Jan 10 11:38:00 zoneminder systemd[1]: Starting Load AppArmor profiles...
Jan 10 11:38:00 zoneminder apparmor.systemd[1801]: Restarting AppArmor
Jan 10 11:38:00 zoneminder apparmor.systemd[1801]: Reloading AppArmor profiles
Jan 10 11:38:00 zoneminder apparmor.systemd[1836]: Skipping profile in /etc/apparmor.d/disable: usr.sbin.rsyslogd
Jan 10 11:38:00 zoneminder apparmor.systemd[1835]: AppArmor parser error for /etc/apparmor.d in profile /etc/apparmor.d/usr.sbin.mysqld at line 9: Could not open 'abstractions/mysql'
Jan 10 11:38:01 zoneminder apparmor.systemd[1971]: AppArmor parser error for /etc/apparmor.d/usr.sbin.mysqld in profile /etc/apparmor.d/usr.sbin.mysqld at line 9: Could not open 'abstractions/mysql'
Jan 10 11:38:01 zoneminder apparmor.systemd[1973]: Skipping profile in /etc/apparmor.d/disable: usr.sbin.rsyslogd
Jan 10 11:38:01 zoneminder apparmor.systemd[1801]: Error: At least one profile failed to load
Jan 10 11:38:01 zoneminder systemd[1]: apparmor.service: Main process exited, code=exited, status=1/FAILURE
Jan 10 11:38:01 zoneminder systemd[1]: apparmor.service: Failed with result 'exit-code'.
Jan 10 11:38:01 zoneminder systemd[1]: Failed to start Load AppArmor profiles.
Jan 10 11:38:01 zoneminder systemd[1]: apparmor.service: Consumed 1.977s CPU time.

I do not know what happened to cause this issue. I'm not quite sure how to fix it without erasing everything.

[burger]

The logs say it's a parsing error on the apparmor file for mysql, so try copying a working one from another machine. I've had scenarios where copying from a working machine has worked in the past.

Another option you have is to install and configure mariadb instead of mysql. I took a quick look at the apparmor file for mariadb and it says the following:

Code: Select all

# This file is intentionally empty to disable apparmor by default for newer
# versions of MariaDB, while providing seamless upgrade from older versions
# and from mysql, where apparmor is used.
#
# By default, we do not want to have any apparmor profile for the MariaDB
# server. It does not provide much useful functionality/security, and causes
# several problems for users who often are not even aware that apparmor
# exists and runs on their system.
#
# Users can modify and maintain their own profile, and in this case it will
# be used.
#
# When upgrading from previous version, users who modified the profile
# will be prompted to keep or discard it, while for default installs
# we will automatically disable the profile.

So Mariadb doesn't use apparmor, at least yet, and would avoid these problems. I'm not sure if you can migrate a db from mysql to mariadb however. That is something I haven't tried.