# vim:syntax=apparmor # Last Modified: Tue Jun 19 17:37:30 2007 #include /usr/sbin/mysqld flags=(complain) { #include #include #include #include #include capability dac_override, capability sys_resource, capability setgid, capability setuid, network tcp, /etc/hosts.allow r, /etc/hosts.deny r, /etc/mysql/*.pem r, /etc/mysql/conf.d/ r, /etc/mysql/conf.d/* r, /etc/mysql/my.cnf r, /usr/lib/mysql/plugin/ r, /usr/lib/mysql/plugin/*.so* mr, /usr/sbin/mysqld mr, /usr/share/mysql/** r, /var/log/mysql.log rw, /var/log/mysql.err rw, /var/lib/mysql/ r, <%= node['mysql']['data_dir'] %>/ r, <%= node['mysql']['data_dir'] %>/** rwk, /var/log/mysql/ r, /var/log/mysql/* rw, /var/run/mysqld/mysqld.pid w, /var/run/mysqld/mysqld.sock w, /sys/devices/system/cpu/ r, }