Dev set up

ops/cookbooks/vendor/mysql/templates/default/apparmor/usr.sbin.mysqld-instance.erb

@@ -0,0 +1,14 @@
+/etc/<%= @mysql_name %>/*.pem r,
+/etc/<%= @mysql_name %>/conf.d/ r,
+/etc/<%= @mysql_name %>/conf.d/* r,
+/etc/<%= @mysql_name %>/my.cnf r,
+<%= @config.log_dir %>/ r,
+<%= @config.log_dir %>/* rw,
+<%= @config.data_dir %>/ r,
+<%= @config.data_dir %>/** rwk,
+<%= @config.run_dir %>/** rw,
+<%= @config.pid_file %> rw,
+<%= @config.socket_file %> rw,
+/tmp/<%= @mysql_name %>/ r,
+/tmp/<%= @mysql_name %>/my.sql r,
+<%= @config.tmp_dir %>/* rw,

ops/cookbooks/vendor/mysql/templates/default/apparmor/usr.sbin.mysqld-local.erb

@@ -0,0 +1 @@
+#include <local/mysql>

ops/cookbooks/vendor/mysql/templates/default/apparmor/usr.sbin.mysqld.erb

@@ -0,0 +1,47 @@
+# vim:syntax=apparmor
+# Last Modified: Tue Jun 19 17:37:30 2007
+#include <tunables/global>
+
+/usr/sbin/mysqld {
+  #include <abstractions/base>
+  #include <abstractions/nameservice>
+  #include <abstractions/user-tmp>
+  #include <abstractions/mysql>
+  #include <abstractions/winbind>
+
+  capability dac_override,
+  capability sys_resource,
+  capability setgid,
+  capability setuid,
+
+  network tcp,
+
+  /etc/hosts.allow r,
+  /etc/hosts.deny r,
+
+  /etc/mysql/*.pem r,
+  /etc/mysql/conf.d/ r,
+  /etc/mysql/conf.d/* r,
+  /etc/mysql/*.cnf r,
+  /usr/lib/mysql/plugin/ r,
+  /usr/lib/mysql/plugin/*.so* mr,
+  /usr/sbin/mysqld mr,
+  /usr/share/mysql/** r,
+  /var/log/mysql.log rw,
+  /var/log/mysql.err rw,
+  /var/lib/mysql/ r,
+  /var/lib/mysql/** rwk,
+  /var/log/mysql/ r,
+  /var/log/mysql/* rw,
+  /var/run/mysqld/mysqld.pid rw,
+  /var/run/mysqld/mysqld.sock w,
+  /var/run/mysqld/mysqld.sock.lock rw,
+  /run/mysqld/mysqld.pid rw,
+  /run/mysqld/mysqld.sock w,
+  /run/mysqld/mysqld.sock.lock rw,
+
+  /sys/devices/system/cpu/ r,
+
+  # Site-specific additions and overrides. See local/README for details.
+  #include <local/usr.sbin.mysqld>
+}