05 June 2013

This started from a crazy idea, or more precisely a quick and dirty hack: to detect insert/update/delete events within MySQL and react to them by executing some system commands. I found something called lib_mysqludf_sys, which lets you execute system commands from within MySQL; combined with MySQL triggers, I might achieve what I needed.

Everything went fine until I migrated the database from my MBP to a Linux workstation. I got a 32256 response after executing a system command, and it looked like it was because of permission denied.

Well, after googling for a while, AppArmor came into sight. I then tried to configure it as follows:

/tmp/* r,
/tmp/notify.sh ix,
/bin/dash ix,
/usr/bin/curl ix,

notify.sh is the script I want to execute, /bin/dash is the actual shell, and /usr/bin/curl is the command used in the script. Generally they should all be here. The first line actually solves another problem: I tried to import a CSV file into a table, but MySQL always complained that /tmp/some.csv was not found. The file was there; AppArmor had denied the access.

It looks like AppArmor is super complex as usual, and this could be a nice reference page.
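As an added example (not code from the original post), the sketch below decodes the 32256 value and turns AppArmor denial log lines into candidate profile rules. It assumes 32256 is the raw status returned by system(), that the profile is named /usr/sbin/mysqld, and that exec denials should become `ix` as in the rules above; the log lines are constructed.

```python
import re

# Constructed kernel log lines in AppArmor's audit format (not from the post).
SAMPLE_LOG = '''\
audit: type=1400 audit(1370400000.101:41): apparmor="DENIED" operation="open" profile="/usr/sbin/mysqld" name="/tmp/some.csv" pid=2101 comm="mysqld" requested_mask="r" denied_mask="r" fsuid=106 ouid=1000
audit: type=1400 audit(1370400010.202:42): apparmor="DENIED" operation="exec" profile="/usr/sbin/mysqld" name="/bin/dash" pid=2150 comm="mysqld" requested_mask="x" denied_mask="x" fsuid=106 ouid=0
audit: type=1400 audit(1370400011.303:43): apparmor="DENIED" operation="exec" profile="/usr/sbin/mysqld" name="/bin/dash" pid=2151 comm="mysqld" requested_mask="x" denied_mask="x" fsuid=106 ouid=0
audit: type=1400 audit(1370400020.404:44): apparmor="DENIED" operation="open" profile="/usr/sbin/cupsd" name="/etc/shadow" pid=900 comm="cupsd" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
audit: type=1400 audit(1370400030.505:45): apparmor="DENIED" operation="exec" profile="/usr/sbin/mysqld" name="/tmp/notify.sh" pid=2160 comm="sh" requested_mask="x" denied_mask="x" fsuid=106 ouid=1000
'''

KV = re.compile(r'(\w+)="([^"]*)"')  # key="value" pairs in an audit record


def decode_wait_status(status):
    """Split a raw wait(2)-style status into (exit_code, terminating_signal)."""
    return (status >> 8) & 0xFF, status & 0x7F


def suggest_rules(log_text, profile="/usr/sbin/mysqld"):
    """Return de-duplicated candidate rules for denials logged against one profile."""
    rules = []
    for line in log_text.splitlines():
        fields = dict(KV.findall(line))
        if fields.get("apparmor") != "DENIED" or fields.get("profile") != profile:
            continue  # allowed events and other profiles are not our problem
        mask = fields.get("denied_mask", "")
        # Only r, w and x are handled; 'x' becomes 'ix' so the child process
        # stays confined by the mysqld profile (assumption, mirrors the post).
        perms = "".join(p for p in "rw" if p in mask) + ("ix" if "x" in mask else "")
        name = fields.get("name")
        if not name or not perms:
            continue
        rule = f"{name} {perms},"
        if rule not in rules:
            rules.append(rule)
    return rules


if __name__ == "__main__":
    # Exit code 126 is the shell's "found but could not be executed" status.
    print(decode_wait_status(32256))
    print("\n".join(suggest_rules(SAMPLE_LOG)))
```

The suggested rules name exact paths, which is narrower than the `/tmp/* r,` glob.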


