I am trying to execute a shell command from within mysql (from within a procedure or a trigger or the command line for mysql).
I have added lib_mysqludf_sys to the mysql plugins and created the functions that are available with the library. (the library) home page
The library has 5 functions.
- sys_set - to set $PATH - this works and stores the $PATH which i can later check.
- sys_get - to get the stored value of $PATH - this also works and returns the value that I have stored.
- sys_exec - to execute a command in the system and return the exit code.
- sys_eval - to execute a command in the system and return the standard output.
- lib_mysqludf_sys_info - return the current version of the library - this also works.
I need sys_exec and sys_eval to work correctly.
I think I have found the problem in my search but cannot solve it.
mysql is limited by apparmor and is not granted access to execute system commands by the default apparmor profile. I have tried the commands in the documentation to disable a single profile, disable the framework, putting all profiles except one into enforce mode and putting all profiles in complain mode. Nothing works. the command
sudo apparmor_status
always gives me the same output.
20 profiles are loaded.
20 profiles are in enforce mode.
/opt/extras.ubuntu.com/unity-lens-askubuntu/unity-askubuntu-daemon
/sbin/dhclient
/usr/bin/evince
/usr/bin/evince-previewer
/usr/bin/evince-previewer//launchpad_integration
/usr/bin/evince-previewer//sanitized_helper
/usr/bin/evince-thumbnailer
/usr/bin/evince-thumbnailer//sanitized_helper
/usr/bin/evince//launchpad_integration
/usr/bin/evince//sanitized_helper
/usr/lib/NetworkManager/nm-dhcp-client.action
/usr/lib/connman/scripts/dhclient-script
/usr/lib/cups/backend/cups-pdf
/usr/lib/lightdm/lightdm/lightdm-guest-session-wrapper
/usr/lib/telepathy/mission-control-5
/usr/lib/telepathy/telepathy-*
/usr/sbin/cupsd
/usr/sbin/mysqld
/usr/sbin/tcpdump
/usr/share/gdm/guest-session/Xsession
0 profiles are in complain mode.
5 processes have profiles defined.
5 processes are in enforce mode.
/sbin/dhclient (2537)
/usr/lib/telepathy/mission-control-5 (2709)
/usr/sbin/cupsd (12245)
/usr/sbin/cupsd (12250)
/usr/sbin/mysqld (12675)
0 processes are in complain mode.
0 processes are unconfined but have a profile defined.
Please tell me how I could disable apparmor or change the profile for mysql so that it has access to executing system commands.
The reason I am doing all this is so that I can execute a system command when somethings happen in the DB (via a DB trigger), if you have suggestion for some other ways in which this can be easily implemented then please mention those too.
Thanks.
