Skip to content
logo
Percona XtraBackup
Work with AppArmor
Initializing search
    percona/pxb-docs
    percona/pxb-docs
    • Home
      • Release notes index
      • Percona XtraBackup 8.0.35-30 (2023-12-04)
      • Percona XtraBackup 8.0.34-29 (2023-08-21)
      • Percona XtraBackup 8.0.33-28 (2023-07-19)
      • Percona XtraBackup 8.0.33-27 (2023-05-25)
      • Percona XtraBackup 8.0.32-26 (2023-04-04)
      • Percona XtraBackup 8.0.32-25 (2023-02-27)
      • Percona XtraBackup 8.0.31-24 (2023-02-07)
        • Percona XtraBackup 8.0.30-23 (2022-11-14)
        • Percona XtraBackup 8.0.29-22 (2022-07-19)
        • Percona XtraBackup 8.0.28-21 (2022-05-25)
        • Percona XtraBackup 8.0.28-20
        • Percona XtraBackup 8.0.27-19
        • Percona XtraBackup 8.0.26-18.0
        • Percona XtraBackup 8.0.25-17.0
        • Percona XtraBackup 8.0.23-16.0
        • Percona XtraBackup 8.0.22-15.0
        • Percona XtraBackup 8.0.14
        • Percona XtraBackup 8.0.13
        • Percona XtraBackup 8.0.12
        • Percona XtraBackup 8.0.11
        • Percona XtraBackup 8.0.10
        • Percona XtraBackup 8.0.9
        • Percona XtraBackup 8.0.8
        • Percona XtraBackup 8.0.7
        • Percona XtraBackup 8.0.6
        • Percona XtraBackup 8.0.5
        • Percona XtraBackup 8.0.4
        • Percona XtraBackup 8.0-3-rc1
      • About Percona XtraBackup
      • How Percona XtraBackup works
      • Understand version numbers
        • LRU dump backup
        • Throttling backups
        • Store backup history on the server
        • Dictionary cache
        • Point-in-time recovery
        • Restore individual tables
      • Encrypted InnoDB tablespace backups
      • FLUSH TABLES WITH READ LOCK option
      • Improved log statements
      • lock-ddl-per-table option improvements
      • Smart memory estimation
      • Work with binary logs
      • Overview
        • The xtrabackup binary overview
        • xtrabackup implementation details
        • Configure xtrabackup
        • Analyze table statistics
      • The xbcrypt binary overview
        • The xbstream binary overview
        • Take a streaming backup
        • Accelerate the backup process
        • Encrypt backups
        • The xbcloud binary overview
          • Use the xbcloud binary with Amazon S3
          • Use the xbcloud binary with an IAM instance profile
          • Use the xbcloud binary with Swift
          • Use the xbcloud binary with Google Cloud Storage
          • Use the xbcloud binary with Microsoft Azure Cloud Storage
          • Use the xbcloud binary with MinIO
        • Update curl utility
        • FIFO data sink
        • Exponential backoff
      • Quickstart Guide for Percona XtraBackup
      • Install Percona XtraBackup 8.0 overview
        • Server version and backup version comparison
        • Connection and privileges needed
        • Permissions needed
        • Use APT repositories
        • Files in DEB package
        • Downloaded DEB packages
        • Apt pinning
        • Work with AppArmor
          • Develop a profile
        • Uninstall
        • Use RPM repositories
        • Files in RPM package
        • Downloaded RPM packages
        • Work with SELinux
        • Uninstall
        • Install with binary tarballs
        • Binary tarballs available
        • Compile and install Percona XtraBackup 8.0 from source
        • Run Percona XtraBackup 8.0 in a Docker container
        • Create a full backup
        • Prepare a full backup
        • Create an incremental backup
        • Prepare an incremental backup
        • Take an incremental backup using page tracking
        • Create a compressed backup
        • Decompress and prepare a compressed backup
        • Create a partial backup
        • Prepare a partial backup
        • Create an individual partitions backup
        • Prepare an individual partitions backup
        • Restore full, incremental, compressed backups
        • Restore a partial backup
        • Restore an individual partitions backup
        • How to set up a replica for replication in 6 simple steps with Percona XtraBackup
        • How to create a new (or repair a broken) GTID-based replica
        • Make backups in replication environments
        • Verify backups with replication and pt-checksum
      • Error Message: Found tables with row versions due to INSTANT ADD/DROP columns
      • xtrabackup exit codes
      • Topic index
      • The xtrabackup option reference
      • Index of files created by Percona XtraBackup
      • Frequently asked questions
      • Glossary
      • Percona Toolkit version checking
      • Trademark policy
      • Copyright and licensing information

    • Develop a profile

    Work with AppArmor¶

    The Linux Security Module implements mandatory access controls (MAC) with AppArmor. Debian and Ubuntu systems install AppArmor by default. AppArmor uses profiles which define which files and permissions are needed for application.

    Percona XtraBackup does not have a profile and is not confined by AppArmor.

    For a list of common AppArmor commands, see Percona Server for MySQL - AppArmor

    Develop a profile¶

    Download the profile from:

    https://github.com/percona/percona-xtrabackup/tree/8.0/packaging/percona/apparmor/apparmor.d

    The following profile sections should be updated with your system information, such as location of the backup destination directory.

    Expected output
    # enable storing backups only in /backups directory
    # /backups/** rwk,
    
    # enable storing backups anywhere in caller user home directory
    /@{HOME}/** rwk,
    
    
    # enable storing backups only in /backups directory
    # /backups/** rwk,
    
    # enable storing backups anywhere in caller user home directory
    /@{HOME}/** rwk,
    }
    
    # enable storing backups only in /backups directory
    # /backups/** rwk,
    
    # enable storing backups anywhere in caller user home directory
    /@{HOME}/** rwk,
    }
    

    Move the updated file:

    $ sudo mv usr.sbin.xtrabackup /etc/apparmor.d/
    

    Install the profile with the following command:

    $ sudo apparmor_parser -r -T -W /etc/apparmor.d/usr.sbin.xtrabackup
    

    Run the backup as usual.

    No additional AppArmor-related actions are required to restore a backup.

    Contact us

    For free technical help, visit the Percona Community Forum.

    To report bugs or submit feature requests, open a JIRA ticket.

    For paid support and managed or consulting services , contact Percona Sales.


    Last update: 2023-06-12
    Percona LLC and/or its affiliates, © 2023
    Made with Material for MkDocs

    Cookie consent

    We use cookies to recognize your repeated visits and preferences, as well as to measure the effectiveness of our documentation and whether users find what they're searching for. With your consent, you're helping us to make our documentation better. Read more about Percona Cookie Policy.