🟑 Medium   ⏱ 5–30 min  Last verified: 20 May 2026

πŸ“– ~1 min read

Table of contents
  1. Symptom & Impact
  2. Environment & Reproduction
  3. Root Cause Analysis
  4. Quick Triage
  5. Step-by-Step Diagnosis
  6. Solution – Primary Fix
  7. Solution – Alternative Approaches
  8. Verification & Acceptance Criteria
  9. Rollback Plan
  10. Prevention & Hardening
  11. Related Errors & Cross-Refs
  12. References & Further Reading

Symptom & Impact

MySQL service fails at startup after moving datadir to new mount path. Dependent applications lose database connectivity and transaction processing stops.

Environment & Reproduction

Ubuntu 22.04 LTS with mysql-server and AppArmor enabled. Reproduce by setting datadir outside default /var/lib/mysql without corresponding profile updates.

Root Cause Analysis

AppArmor confines mysqld file access to approved paths. When datadir is moved, mandatory access control blocks startup despite valid filesystem permissions.

Quick Triage

Inspect mysql and kernel audit logs to confirm AppArmor denials instead of generic service misconfiguration.

Step-by-Step Diagnosis

Review active MySQL AppArmor profile and denied path entries, then validate that mysqld can read/write target datadir ownership and mode.

Illustrative mockup for ubuntu-22-04-lts β€” mysql_apparmor_denied
AppArmor denial preventing mysqld from accessing custom datadir β€” Illustrative mockup β€” Progressive Robot

Solution – Primary Fix

Add custom datadir rules to mysqld AppArmor profile, reload profile, and restart MySQL. Keep policy least-privileged to required paths only.

Still having issues? Our IT Solutions & Services team can diagnose and resolve this for you. Get in touch for a free consultation.

Illustrative mockup for ubuntu-22-04-lts β€” mysql_apparmor_profile_fix
Updated AppArmor profile allows MySQL custom data directory β€” Illustrative mockup β€” Progressive Robot

Solution – Alternative Approaches

Move datadir back to default location, mount storage under approved path, or use AppArmor local include snippets for cleaner profile maintenance.

Verification & Acceptance Criteria

mysql service remains active, application queries succeed, and no new AppArmor denials appear for mysqld during normal workload.

Rollback Plan

Restore previous AppArmor profile, revert datadir setting in MySQL config, and restart service to return to prior stable baseline.

Prevention & Hardening

Include AppArmor updates in change plans for path migrations, test database startup in staging, and audit mandatory access denials continuously.

Related to SELinux denials on non-Ubuntu systems, file permission mismatches, and stale mysql.sock path references after datadir changes.

Related tutorial: View the step-by-step tutorial for Ubuntu 22.04 LTS.

View all Ubuntu 22.04 LTS tutorials on the Tutorials Hub β†’

Browse all common problems & solutions on the Tutorials Hub.

References & Further Reading

Read Ubuntu AppArmor docs, MySQL deployment guidance, and manuals for aa-status(8), apparmor_parser(8), and mysqld(8).

Need Expert Help?

If you cannot resolve this yourself, our team offers hands-on Server Management, Managed IT Services, and flexible Support Plans. Contact us today β€” we respond within one business day.