BestHub
Sign in
Databases 7 min read

Resolving MySQL Startup Failure Caused by AppArmor on Ubuntu

This article explains why MySQL fails to start on Ubuntu due to AppArmor restrictions and provides two practical solutions: editing the AppArmor profile to grant MySQL directory access or switching AppArmor to complain mode, with full command examples and configuration snippets.

Aikesheng Open Source Community
Aikesheng Open Source Community
Aikesheng Open Source Community
Resolving MySQL Startup Failure Caused by AppArmor on Ubuntu

AppArmor is a kernel‑level security mechanism on Debian‑based Linux distributions that restricts process access to system resources. When MySQL is started on an Ubuntu 18 system with MySQL 8.0.27, AppArmor can block the required file and directory operations, causing the service to fail.

The failure is evident from the following commands and logs:

root@ytt-ubuntu:~# systemctl start mysql
Job for mysql.service failed because the control process exited with error code.
See "systemctl status mysql.service" and "journalctl -xe" for details.
root@ytt-ubuntu:~# journalctl -xe
... audit: type=1400 audit(...): apparmor="DENIED" operation="mknod" profile="/usr/sbin/mysqld" name="/opt/mysql/data/mysqld_tmp_file_case_i"
... mysql.service: Main process exited, code=exited, status=1/FAILURE
... Failed to start MySQL Community Server.

The logs show that AppArmor denied MySQL's attempts to create files in the data and log directories because those paths are not permitted in the AppArmor profile.

Solution 1 – Modify the AppArmor profile

Add the required directory permissions to /etc/apparmor.d/user.sbin.mysqld (or replace the existing MySQL entries):

# pid, socket and other files
/opt/mysql/*          rw,
# data directory contents
/opt/mysql/data/     r,
/opt/mysql/data/**   rwk,
# log file contents
/opt/mysql/log/       r,
/opt/mysql/log**      rw,

Reload AppArmor and restart MySQL:

root@ytt-ubuntu:~# systemctl reload apparmor
root@ytt-ubuntu:/opt/mysql# systemctl start mysql

The service starts successfully, and its status shows it is running.

Solution 2 – Switch AppArmor to complain mode for MySQL

Install the utility package and set the MySQL profile to complain mode:

root@ytt-ubuntu:~# apt-get install apparmor-utils
root@ytt-ubuntu:~# aa-complain /etc/apparmor.d/usr.sbin.mysqld
Setting /etc/apparmor.d/usr.sbin.mysqld to complain mode.

Reload AppArmor and restart MySQL:

root@ytt-ubuntu:~# systemctl reload apparmor
root@ytt-ubuntu:~# systemctl restart mysql

MySQL now starts in the normal running state.

Note: This issue occurs with MySQL installed from APT packages; using a binary distribution can avoid the AppArmor conflict.

DatabaseLinuxMySQLsecurityTroubleshootingapparmorUbuntu
Aikesheng Open Source Community
Written by

Aikesheng Open Source Community

The Aikesheng Open Source Community provides stable, enterprise‑grade MySQL open‑source tools and services, releases a premium open‑source component each year (1024), and continuously operates and maintains them.

0 followers
Reader feedback

How this landed with the community

login Sign in to like

Rate this article

Was this worth your time?

Sign in to rate
Discussion

0 Comments

Thoughtful readers leave field notes, pushback, and hard-won operational detail here.

Sign in to comment