<% @path = '/etc/apparmor.d/usr.sbin.mysqld' @post = "service apparmor restart" @backup = false %> #include /usr/sbin/mysqld { #include #include #include #include #include capability dac_override, capability sys_resource, capability setgid, capability setuid, network tcp, /etc/hosts.allow r, /etc/hosts.deny r, /etc/mysql/*.pem r, /etc/mysql/conf.d/ r, /etc/mysql/conf.d/* r, /etc/mysql/my.cnf r, /usr/sbin/mysqld mr, /usr/share/mysql/** r, /var/log/mysql.log rw, /var/log/mysql.err rw, /var/lib/mysql/ r, /var/lib/mysql/** rwk, /var/log/mysql/ r, /var/log/mysql/* rw, /{,var/}run/mysqld/mysqld.pid w, /{,var/}run/mysqld/mysqld.sock w, /etc/mtab r, /usr/lib/mysql/plugin/ r, /sys/devices/system/cpu/ r, /sys/devices/system/cpu/** r, <%= rubber_env.db_root_dir %>/ r, <%= rubber_env.db_root_dir %>/** rwk, }