Canonical Juju

'juju-db.mongodump' doesn't have apparmor permissions to write log files to $HOME

Bug #1941656 reported by John A Meinel on 2021-08-25

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	Canonical Juju	Fix Committed	High	Simon Richardson	Canonical Juju 3.1-rc2

Bug Description

While trying to obtain a dump of a production database, we had to play tricks with where we were putting the dump file, because the apparmor permissions we supply for juju-db don't allow writing to a user's home directory.

We should fix the apparmor settings even if we want mongod itself to be restricted, it is very hard to use a dump tool that can't write to normal paths.

Tags:

Harry Pidcock (hpidcock) on 2022-12-13

Changed in juju:
milestone:	2.9-next → 3.1-beta1

Canonical Juju QA Bot (juju-qa-bot) on 2023-01-20

Changed in juju:
milestone:	3.1-beta1 → 3.1-rc1

Revision history for this message

Simon Richardson (simonrichardson) wrote on 2023-01-23:

Isn't this a case of not having home interface[1] in the plugs section for mongodump[2]?

1. https://snapcraft.io/docs/home-interface
2. https://github.com/juju/juju-db-snap/blob/5.3/snap/snapcraft.yaml#L38-L41

Vitaly Antonenko (anvial) on 2023-01-23

Changed in juju:
assignee:	nobody → Simon Richardson (simonrichardson)

Revision history for this message

Simon Richardson (simonrichardson) wrote on 2023-01-23:

PR[1] for 4.4 mongo snap. I'll add the following to 5.0 and 5.3 once this has landed.

1. https://github.com/juju/juju-db-snap/pull/36

Canonical Juju QA Bot (juju-qa-bot) on 2023-01-24

Changed in juju:
milestone:	3.1-rc1 → 3.1-rc2

Simon Richardson (simonrichardson) on 2023-01-31

Changed in juju:
status:	Triaged → Fix Committed

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.