Hi Stephan, > With the following lines in /etc/apparmor.d/local/mariadb MariaDB is > starting in enforce mode: > > capability sys_resource, > capability dac_read_search, > capability dac_override, > capability setgid, > capability setuid, > > Maybe they are needed for sysvinit user.
Thanks for reporting! Are you sure every one of those are needed? Did you test those lines individually or just added all at once? If that is the case, I will add all of them in the MR draft at https://salsa.debian.org/mariadb-team/mariadb-server/-/merge_requests/159 Based on the logs you shared in https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132027 the server fails to start as it is unable to read the data directory /var/lib/mysql, which is the standard data directory and this type of failure is a bit surprising as we surely tested it before rolling out the change. Could it be that you have something additional customized in your MariaDB or general Debian settings?
