Comment 0 for bug 1759084

smitz katze (smitzkatze) wrote :

The AppArmor profile usr.sbin.mysqld-akonadi is not compatible with seccomp in general and the no_new_privs bit specifically, because it includes a profile transition.

I came across this when I tried to write a profile for the Firejail sandbox, and had to omit everything seccomp-related in order to not break Akonadi: https://github.com/netblue30/firejail/blob/1bc84f3e53f66abf4ee246e89f20f72626a199de/etc/akonadi_control.profile

Would it be possible for you to replace access mode cx with ix here? Especially because the transition in usr.sbin.mysqld-akonadi seems to not have been motivated by any administrative or security needs....

Best regards,
smitsohu
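
The change requested above (exec mode cx replaced by ix) can be checked for mechanically. The following is an added example, not part of the original report and not the Ubuntu profile: it scans AppArmor profile text for exec rules that request a profile transition and rewrites them to inherit mode. The sample profile, its paths and the function names are constructed, and the parser assumes the conventional `PATH PERMS,` rule form with the exec mode written last.

```python
import re

# Exec modes that request a profile transition at exec time.
# Plain "ix" (inherit the current profile) is deliberately not matched.
TRANSITION = re.compile(r"^(?P<other>[rwaklm]*)(?P<mode>[PpCc]i?x|[PpCc]?[Uu]x)$")
# File rule: optional qualifiers, a path, a permission string, optional "-> target".
RULE = re.compile(
    r"^(?P<lead>\s*(?:(?:audit|owner)\s+)*)"
    r"(?P<path>[/@]\S*)\s+(?P<perms>[A-Za-z]+)"
    r"(?:\s*->\s*(?P<target>[^,\s]+))?\s*,(?P<tail>.*)$"
)

def _transition(line):
    """Return (rule match, perms match) if the line is a transitioning exec rule."""
    rule = RULE.match(line)
    perms = TRANSITION.match(rule["perms"]) if rule else None
    return (rule, perms) if perms else None

def find_exec_transitions(profile_text):
    """List (line number, path, exec mode, target) for every transitioning rule."""
    hits = []
    for lineno, line in enumerate(profile_text.splitlines(), 1):
        found = _transition(line)
        if found:
            rule, perms = found
            hits.append((lineno, rule["path"], perms["mode"], rule["target"]))
    return hits

def rewrite_to_ix(profile_text):
    """Replace each transitioning exec mode with ix and drop any '-> target'."""
    out = []
    for line in profile_text.splitlines():
        found = _transition(line)
        if found:
            rule, perms = found
            line = f'{rule["lead"]}{rule["path"]} {perms["other"]}ix,{rule["tail"]}'
        out.append(line)
    return "\n".join(out)

# Constructed sample profile, for illustration only.
SAMPLE = """\
/usr/bin/example-daemon {
  /etc/example/** r,
  /usr/bin/example-helper mrcx -> helper,
  /bin/dash rix,
  # /usr/bin/old-helper Px,
  owner /usr/lib/example/worker Px,
  profile helper {
    /usr/bin/example-helper mr,
  }
}
"""
```

After a rewrite to ix the executed program runs under the parent profile, so the parent must grant whatever the former child profile allowed.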