Seeking feedback from AppArmor users - new profile for MariaDB in Debian

otto@programming.dev

MariaDB's new AppArmor profile is now enforcing in Debian unstable. If you are a dba/sysadmin familiar with AppArmor and using MariaDB, check your logs and share feedback via the Debian bug tracker.

Automated security validation: How 7,000+ tests shaped MariaDB's new AppArmor profile

Linux kernel security modules provide a good additional layer of security around individual programs by restricting what they are allowed to do, and at best block and detect zero-day security vulnerabilities as soon as anyone tries to exploit them, long before they are widely known and reported. However, the challenge is how to create these security profiles without accidentally also blocking legitimate actions. For MariaDB in Debian and Ubuntu, a new AppArmor profile was recently created by leveraging the extensive test suite with 7000+ tests, giving good confidence that AppArmor is unlikely to yield false positive alerts with it.\n

Optimized by Otto (optimizedbyotto.com)