-
-
Notifications
You must be signed in to change notification settings - Fork 691
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
AppArmor makes it impossible to LOAD DATA INFILE from outside its designated directories; there should be a way to add CSV import directories to the AppArmor config or disable AppArmor entirely #477
Comments
This seems more related to AppArmor than the duties of the cookbook itself, can this be composed via https://github.com/chef-cookbooks/apparmor? |
As of MySQL 5.7, this would be required anyways unless you disable secure-file-priv it by passing the variable to the conf as NULL, and notify a restart: https://dev.mysql.com/doc/refman/5.7/en/server-system-variables.html#sysvar_secure_file_priv |
How so? It's this cookbook that's creating the AppArmor policy that blocks the LOAD DATA INFILE statement. |
Marking stale due to inactivity. Remove stale label or comment or this will be closed in 7 days. Alternatively drop by the #sous-chefs channel on the Chef Community Slack and we'll be happy to help! Thanks, Sous-Chefs. |
Closing due to inactivity. If this is still an issue please reopen or open another issue. Alternatively drop by the #sous-chefs channel on the Chef Community Slack and we'll be happy to help! Thanks, Sous-Chefs. |
This is a hack, but I'm calling the apparmor cookbook immediately after creating the mysql_service:
... since it's in the mysql_service create function that apparmor gets set up by mysql. Where calling that recipe unloads all apparmor profiles and completely removes apparmor, because I have this attribute set:
|
Cookbook version
Actually my own fork, but this issue should equally apply to the current master here
Chef-client version
Whatever AWS OpsWorks uses
Platform Details
AWS, Ubuntu 16.04
Scenario:
Use
LOAD DATA INFILE
to load CSVs that are located somewhere outside MySQL's data directorySteps to Reproduce:
Provision a box with a recipe that invokes the
mysql_service
resource, then callLOAD DATA INFILE
Expected Result:
LOAD DATA INFILE
worksActual Result:
AppArmor
blocks theLOAD DATA INFILE
call.The text was updated successfully, but these errors were encountered: