trellix-enterprise / mysql-audit

AUDIT Plugin for MySQL. See wiki and readme for description. If you find the plugin useful, please star us on GitHub. We love stars and it's a great way to show your feedback.

Installation failed on docker mysql #227

Open 0xbentang opened 3 years ago

0xbentang commented 3 years ago

SUMMARY

I was trying to install this audit plugin on a MySQL 5.7 server running inside a Docker container, but MySQL failed to install and start after including it. I tried different patch versions, but it still doesn't work.

Relevant logs:

mysql_test | 2021-01-20T07:13:16.161166Z 0 [Note] mysqld (mysqld 5.7.25) starting as process 1 ...
mysql_test | 2021-01-20T07:13:16.166321Z 0 [Note] InnoDB: PUNCH HOLE support available
mysql_test | 2021-01-20T07:13:16.166348Z 0 [Note] InnoDB: Mutexes and rw_locks use GCC atomic builtins
mysql_test | 2021-01-20T07:13:16.166353Z 0 [Note] InnoDB: Uses event mutexes
mysql_test | 2021-01-20T07:13:16.166357Z 0 [Note] InnoDB: GCC builtin __atomic_thread_fence() is used for memory barrier
mysql_test | 2021-01-20T07:13:16.166361Z 0 [Note] InnoDB: Compressed tables use zlib 1.2.11
mysql_test | 2021-01-20T07:13:16.166366Z 0 [Note] InnoDB: Using Linux native AIO
mysql_test | 2021-01-20T07:13:16.166779Z 0 [Note] InnoDB: Number of pools: 1
mysql_test | 2021-01-20T07:13:16.166942Z 0 [Note] InnoDB: Using CPU crc32 instructions
mysql_test | 2021-01-20T07:13:16.169908Z 0 [Note] InnoDB: Initializing buffer pool, total size = 128M, instances = 1, chunk size = 128M
mysql_test | 2021-01-20T07:13:16.183429Z 0 [Note] InnoDB: Completed initialization of buffer pool
mysql_test | 2021-01-20T07:13:16.186660Z 0 [Note] InnoDB: If the mysqld execution user is authorized, page cleaner thread priority can be changed. See the man page of setpriority().
mysql_test | 2021-01-20T07:13:16.200598Z 0 [Note] InnoDB: Highest supported file format is Barracuda.
mysql_test | 2021-01-20T07:13:16.220344Z 0 [Note] InnoDB: Creating shared tablespace for temporary tables
mysql_test | 2021-01-20T07:13:16.220421Z 0 [Note] InnoDB: Setting file './ibtmp1' size to 12 MB. Physically writing the file full; Please wait ...
mysql_test | 2021-01-20T07:13:16.243207Z 0 [Note] InnoDB: File './ibtmp1' size is now 12 MB.
mysql_test | 2021-01-20T07:13:16.244152Z 0 [Note] InnoDB: 96 redo rollback segment(s) found. 96 redo rollback segment(s) are active.
mysql_test | 2021-01-20T07:13:16.244163Z 0 [Note] InnoDB: 32 non-redo rollback segment(s) are active.
mysql_test | 2021-01-20T07:13:16.244822Z 0 [Note] InnoDB: 5.7.25 started; log sequence number 12664149
mysql_test | 2021-01-20T07:13:16.245165Z 0 [Note] InnoDB: Loading buffer pool(s) from /var/lib/mysql/ib_buffer_pool
mysql_test | 2021-01-20T07:13:16.245505Z 0 [Note] Plugin 'FEDERATED' is disabled.
mysql_test | 2021-01-20T07:13:16.246205Z 0 [Warning] option 'audit-json-file-bufsize': signed value 0 adjusted to 1
mysql_test | 2021-01-20T07:13:16.246219Z 0 [Warning] option 'plugin-audit-json-file-bufsize': signed value 0 adjusted to 1
mysql_test | 2021-01-20T07:13:16.248505Z 0 [Note] InnoDB: Buffer pool(s) load completed at 210120  7:13:16
mysql_test | 2021-01-20T07:13:16.253756Z 0 [Note] McAfee Audit Plugin: starting up. Version: 1.1.7 , Revision: 913 (64bit). MySQL AUDIT plugin interface version: 1025 (0x401). MySQL Server version: 5.7.25.
mysql_test | 2021-01-20T07:13:16.253775Z 0 [Note] McAfee Audit Plugin: setup_offsets audit_offsets: (null) validate_checksum: 1 offsets_by_version: 1
mysql_test | mysqld: File 'mysqld' not found (Errcode: 2 - No such file or directory)
mysql_test | 2021-01-20T07:13:16.253808Z 0 [ERROR] McAfee Audit Plugin: Failed file open: [mysqld], errno: 2. Retrying with /proc/1/exe.
mysql_test | 2021-01-20T07:13:16.334932Z 0 [Note] McAfee Audit Plugin: mysqld: mysqld (7f8c6998cb9cd89f6240c1001de6bbb4)
mysql_test | 2021-01-20T07:13:16.334960Z 0 [Note] McAfee Audit Plugin: extended offsets validate res: MySQL thread id 123456, OS thread handle 0, query id 789 aud_tusr
mysql_test | 2021-01-20T07:13:16.334965Z 0 [Note] McAfee Audit Plugin: Using offsets from offset version: 5.7.25 (55b6a58bd6316b6e216c1a346d7de513)
mysql_test | 2021-01-20T07:13:16.334987Z 0 [Note] McAfee Audit Plugin: Set whitelist_cmds num: 0, value:
mysql_test | 2021-01-20T07:13:16.334999Z 0 [Note] McAfee Audit Plugin: Set record_cmds num: 14, value: create_user,drop_user,drop_db,drop_table,alter_user,alter_db,alter_table,alter_tablespace,grant,revoke,revoke_all,truncate,quit,connect
mysql_test | 2021-01-20T07:13:16.335008Z 0 [Note] McAfee Audit Plugin: Set password_masking_cmds num: 0, value:
mysql_test | 2021-01-20T07:13:16.335012Z 0 [Note] McAfee Audit Plugin: Set password_masking_regex  value: []
mysql_test | 2021-01-20T07:13:16.335022Z 0 [Note] McAfee Audit Plugin: Set json_socket_name str: [] value: [/var/run/db-audit/mysql.audit__var_lib_mysql_3306]
mysql_test | 2021-01-20T07:13:16.335055Z 0 [Note] McAfee Audit Plugin: bufsize for file [/var/log/mysql/mysql-audit.log]: 1. Value of json_file_bufsize: 1.
mysql_test | 2021-01-20T07:13:16.335104Z 0 [Note] McAfee Audit Plugin: success opening file: /var/log/mysql/mysql-audit.log.
mysql_test | 2021-01-20T07:13:16.335112Z 0 [Note] McAfee Audit Plugin: mem func addr: 0x7fe8f3108c90 mem start addr: 0x7fe8f3109000 page size: 4096
mysql_test | 2021-01-20T07:13:16.335117Z 0 [Note] Audit Plugin: hot patching function: 0x55ad0a483120, trampolineFunction: 0x7fe8f3109000 trampolinePage: 0x7fe8f3109000
mysql_test | 2021-01-20T07:13:16.335182Z 0 [Note] McAfee Audit Plugin: hot patch for: mysql_execute_command (0x55ad0a483120) complete. Audit func: 0x7fe8f310d3e0, Trampoline address: 0x7fe8f3109000, size: 16, used: 30.
mysql_test | 2021-01-20T07:13:16.335189Z 0 [Note] Audit Plugin: hot patching function: 0x55ad0a438790, trampolineFunction: 0x7fe8f3109020 trampolinePage: 0x7fe8f3109000
mysql_test | 2021-01-20T07:13:16.335202Z 0 [Note] ud_obj.mnemonic == UD_Ijmp: 0
mysql_test | 2021-01-20T07:13:16.335205Z 0 [Note] ud_obj.mnemonic == UD_Icall: 0
mysql_test | 2021-01-20T07:13:16.335208Z 0 [Note] ud_obj.operand[0].type == UD_OP_JIMM: 1
mysql_test | 2021-01-20T07:13:16.335211Z 0 [Note] __x86_64__
mysql_test | 2021-01-20T07:13:16.335214Z 0 [ERROR] Audit Plugin: unable to disassemble at address: 0x0x55ad0a438797. Found relative addressing for instruction: [jnz 0x55ad0a4387a5]. Aborting.
mysql_test | 2021-01-20T07:13:16.335220Z 0 [ERROR] McAfee Audit Plugin: unable to hot patch send_result_to_client (0x55ad0a438790). res: -1.
mysql_test | 2021-01-20T07:13:16.335223Z 0 [ERROR] Plugin 'AUDIT' init function returned error.
mysql_test | 2021-01-20T07:13:16.335226Z 0 [ERROR] Plugin 'AUDIT' registration as a AUDIT failed.
mysql_test | 2021-01-20T07:13:16.335238Z 0 [Note] McAfee Audit Plugin: deinit

ENVIRONMENT

STEPS TO REPRODUCE

docker-compose.yml

version: "3"
services:
  mysql:
    image: mysql:5.7.25
    container_name: mysql_test
    restart: always
    environment:
      MYSQL_ROOT_PASSWORD: root
    volumes:
      - mysqldata:/var/lib/mysql
      - mysql_log:/var/log/mysql
      - ./libaudit_plugin.so:/usr/lib/mysql/plugin/libaudit_plugin.so
      - ./audit_plugin.cnf:/etc/mysql/mysql.conf.d/audit_plugin.cnf
    ports:
      - "12306:3306"
volumes:
  mysqldata:
  mysql_log:

libaudit_plugin.so: downloaded from https://bintray.com/mcafee/mysql-audit-plugin/download_file?file_path=audit-plugin-mysql-5.7-1.1.7-913-linux-x86_64.zip

audit_plugin.cnf

[mysqld]
plugin-load=AUDIT=libaudit_plugin.so
audit_json_file = on
audit_password_masking_cmds=""
audit_password_masking_regex=""
audit_whitelist_cmds=""
audit_record_cmds="create_user,drop_user,drop_db,drop_table,alter_user,alter_db,alter_table,alter_tablespace,grant,revoke,revoke_all,truncate,quit,connect"
audit_json_log_file="/var/log/mysql/mysql-audit.log"

EXPECTED RESULTS

When running docker-compose up -d, the plugin should be installed and then the mysql service will start in the container.

vasile-v1 commented 2 years ago

How is your problem solved?

dbakit commented 2 years ago

I meet this error too...

yuanjinyong commented 2 years ago

Me too. MySQL 5.7.36, audit-plugin-mysql-5.7-1.1.12-999-linux-x86_64.zip. The docker run config is as follows:

docker run -itd \
--restart=unless-stopped \
--privileged=true \
--log-opt max-size=200m \
--log-opt max-file=5 \
-p 3306:3306 \
-e MYSQL_ROOT_PASSWORD=XXXXXX \
-e TZ="Asia/Shanghai" \
-v mysql:/var/lib/mysql \
-v /root/docker/mysql/usr/lib/mysql/plugin/libaudit_plugin.so:/usr/lib/mysql/plugin/libaudit_plugin.so \
--name mysql mysql:5.7.36 \
--character_set_server=utf8mb4 \
--collation_server=utf8mb4_bin \
--sql_mode="" \
--max_connections=1000 \
--max_allowed_packet=32M \
--lower_case_table_names=1 \
--group_concat_max_len=102400 \
--innodb_large_prefix=ON \
--innodb_buffer_pool_size=4G \
--plugin-load=AUDIT=libaudit_plugin.so \
--audit_json_file=on \
--audit_whitelist_cmds=connect,quit,show,select \
--audit_offsets="7832, 7880, 3640, 4800, 456, 360, 0, 32, 64, 160, 544, 7996, 4368, 3648, 3656, 3660, 6080, 2072, 8, 7064, 7104, 7088, 13480, 148, 672, 0"

And the logs are:

2022-09-28T02:27:50.270755Z 0 [Note] InnoDB: 5.7.36 started; log sequence number 12659701
2022-09-28T02:27:50.271244Z 0 [Note] Plugin 'FEDERATED' is disabled.
2022-09-28T02:27:50.271329Z 0 [Note] InnoDB: Loading buffer pool(s) from /var/lib/mysql/ib_buffer_pool
2022-09-28T02:27:50.271733Z 0 [Warning] option 'audit-json-file-bufsize': signed value 0 adjusted to 1
2022-09-28T02:27:50.271742Z 0 [Warning] option 'plugin-audit-json-file-bufsize': signed value 0 adjusted to 1
2022-09-28T02:27:50.275461Z 0 [Note] InnoDB: Buffer pool(s) load completed at 220928 10:27:50
2022-09-28T02:27:50.276739Z 0 [Note] Trellix Audit Plugin: starting up. Version: 1.1.12 , Revision: 999 (64bit). MySQL AUDIT plugin interface version: 1025 (0x401). MySQL Server version: 5.7.36.
2022-09-28T02:27:50.276757Z 0 [Note] Trellix Audit Plugin: setup_offsets audit_offsets: 7832, 7880, 3640, 4800, 456, 360, 0, 32, 64, 160, 544, 7996, 4368, 3648, 3656, 3660, 6080, 2072, 8, 7064, 7104, 7088, 13480, 148, 672, 0 validate_checksum: 1 offsets_by_version: 1
mysqld: File 'mysqld' not found (Errcode: 2 - No such file or directory)
2022-09-28T02:27:50.276789Z 0 [ERROR] Trellix Audit Plugin: Failed file open: [mysqld], errno: 2. Retrying with /proc/1/exe.
2022-09-28T02:27:50.333237Z 0 [Note] Trellix Audit Plugin: mysqld: mysqld (a3f74ff8cad2382f3e2ac0cdf98c7263) 
2022-09-28T02:27:50.333277Z 0 [Note] Trellix Audit Plugin: setup_offsets Audit_formatter::thd_offsets values: 7832 7880 3640 4800 456 360 0 32 64 160 544 7996 4368 3648 3656 3660 6080 2072 8 7064 7104 7088 13480 148 672 0
2022-09-28T02:27:50.333292Z 0 [Note] Trellix Audit Plugin: extended offsets validate res: MySQL thread id 123456, OS thread handle 0, query id 789 aud_tusr
2022-09-28T02:27:50.333296Z 0 [Note] Trellix Audit Plugin: Validation passed. Using offsets from audit_offsets: 7832, 7880, 3640, 4800, 456, 360, 0, 32, 64, 160, 544, 7996, 4368, 3648, 3656, 3660, 6080, 2072, 8, 7064, 7104, 7088, 13480, 148, 672, 0
2022-09-28T02:27:50.333308Z 0 [Note] Trellix Audit Plugin: Set whitelist_cmds num: 4, value: connect,quit,show,select
2022-09-28T02:27:50.333321Z 0 [Note] Trellix Audit Plugin: Set password_masking_cmds num: 8, value: CREATE_USER,GRANT,SET_OPTION,SLAVE_START,CREATE_SERVER,ALTER_SERVER,CHANGE_MASTER,UPDATE
2022-09-28T02:27:50.333394Z 0 [Note] Trellix Audit Plugin: Compile password_masking_regex  res: [1]
2022-09-28T02:27:50.333398Z 0 [Note] Trellix Audit Plugin: Set password_masking_regex  value: [identified(?:/\*.*?\*/|\s)*?by(?:/\*.*?\*/|\s)*?(?:password)?(?:/\*.*?\*/|\s)*?['|"](?<psw>.*?)(?<!\\)['|"]|password(?:/\*.*?\*/|\s)*?\((?:/\*.*?\*/|\s)*?['|"](?<psw>.*?)(?<!\\)['|"](?:/\*.*?\*/|\s)*?\)|password(?:/\*.*?\*/|\s)*?(?:for(?:/\*.*?\*/|\s)*?\S+?)?(?:/\*.*?\*/|\s)*?=(?:/\*.*?\*/|\s)*?['|"](?<psw>.*?)(?<!\\)['|"]|password(?:/\*.*?\*/|\s)*?['|"](?<psw>.*?)(?<!\\)['|"]]
2022-09-28T02:27:50.333406Z 0 [Note] Trellix Audit Plugin: Set json_socket_name str: [] value: [/var/run/db-audit/mysql.audit__var_lib_mysql_3306]
2022-09-28T02:27:50.333438Z 0 [Note] Trellix Audit Plugin: bufsize for file [mysql-audit.json]: 1. Value of json_file_bufsize: 1.
2022-09-28T02:27:50.333479Z 0 [Note] Trellix Audit Plugin: success opening file: mysql-audit.json.
2022-09-28T02:27:50.333484Z 0 [Note] Trellix Audit Plugin: mem func addr: 0x7fbbf77f1ee0 mem start addr: 0x7fbbf77f2000 page size: 4096
2022-09-28T02:27:50.333488Z 0 [Note] Audit Plugin: hot patching function: 0x55add06b9c80, trampolineFunction: 0x7fbbf77f2000 trampolinePage: 0x7fbbf77f2000
2022-09-28T02:27:50.333543Z 0 [Note] Trellix Audit Plugin: hot patch for: mysql_execute_command (0x55add06b9c80) complete. Audit func: 0x7fbbf77f6680, Trampoline address: 0x7fbbf77f2000, size: 16, used: 30.
2022-09-28T02:27:50.333549Z 0 [Note] Audit Plugin: hot patching function: 0x55add0672bd0, trampolineFunction: 0x7fbbf77f2020 trampolinePage: 0x7fbbf77f2000
2022-09-28T02:27:50.333563Z 0 [Note] ud_obj.mnemonic == UD_Ijmp: 0
2022-09-28T02:27:50.333566Z 0 [Note] ud_obj.mnemonic == UD_Icall: 0
2022-09-28T02:27:50.333569Z 0 [Note] ud_obj.operand[0].type == UD_OP_JIMM: 1
2022-09-28T02:27:50.333571Z 0 [Note] __x86_64__
2022-09-28T02:27:50.333574Z 0 [ERROR] Audit Plugin: unable to disassemble at address: 0x0x55add0672bd7. Found relative addressing for instruction: [jnz 0x55add0672c20]. Aborting.
2022-09-28T02:27:50.333579Z 0 [ERROR] Trellix Audit Plugin: unable to hot patch send_result_to_client (0x55add0672bd0). res: -1.
2022-09-28T02:27:50.333583Z 0 [ERROR] Plugin 'AUDIT' init function returned error.
2022-09-28T02:27:50.333587Z 0 [ERROR] Plugin 'AUDIT' registration as a AUDIT failed.
2022-09-28T02:27:50.333601Z 0 [Note] Trellix Audit Plugin: deinit
2022-09-28T02:27:50.333604Z 0 [Note] trampolinesize: 0
2022-09-28T02:27:50.333606Z 0 [Note] saved_code->size: 0
2022-09-28T02:27:50.333609Z 0 [Note] Audit Plugin: not removing as hot patch was not set: 0x55add066e300
2022-09-28T02:27:50.333612Z 0 [Note] trampolinesize: 0
2022-09-28T02:27:50.333614Z 0 [Note] saved_code->size: 0
2022-09-28T02:27:50.333617Z 0 [Note] Audit Plugin: not removing as hot patch was not set: 0x55add0672bd0
2022-09-28T02:27:50.333619Z 0 [Note] trampolinesize: 0
2022-09-28T02:27:50.333622Z 0 [Note] saved_code->size: 0
2022-09-28T02:27:50.333625Z 0 [Note] Audit Plugin: not removing as hot patch was not set: 0x55add07b6390
2022-09-28T02:27:50.333627Z 0 [Note] trampolinesize: 16
2022-09-28T02:27:50.333630Z 0 [Note] saved_code->size: 16
2022-09-28T02:27:50.333633Z 0 [Note] Audit Plugin: removing hot patching function: 0x55add06b9c80 targetPage: 0x55add06b9000 trampolineFunction: 0x7fbbf77f2000
2022-09-28T02:27:50.335792Z 0 [Note] Found ca.pem, server-cert.pem and server-key.pem in data directory. Trying to enable SSL support using them.
2022-09-28T02:27:50.335813Z 0 [Note] Skipping generation of SSL certificates as certificate files are present in data directory.
2022-09-28T02:27:50.335819Z 0 [Warning] A deprecated TLS version TLSv1 is enabled. Please use TLSv1.2 or higher.
2022-09-28T02:27:50.335821Z 0 [Warning] A deprecated TLS version TLSv1.1 is enabled. Please use TLSv1.2 or higher.
2022-09-28T02:27:50.336396Z 0 [Warning] CA certificate ca.pem is self signed.
2022-09-28T02:27:50.336433Z 0 [Note] Skipping generation of RSA key pair as key files are present in data directory.
2022-09-28T02:27:50.336982Z 0 [Note] Server hostname (bind-address): '*'; port: 3306
2022-09-28T02:27:50.337021Z 0 [Note] IPv6 is available.
2022-09-28T02:27:50.337030Z 0 [Note]   - '::' resolves to '::';
2022-09-28T02:27:50.337051Z 0 [Note] Server socket created on IP: '::'.
2022-09-28T02:27:50.339156Z 0 [Warning] Insecure configuration for --pid-file: Location '/var/run/mysqld' in the path is accessible to all OS users. Consider choosing a different directory.
2022-09-28T02:27:50.346942Z 0 [Note] Event Scheduler: Loaded 0 events
2022-09-28T02:27:50.347238Z 0 [Note] mysqld: ready for connections.
Version: '5.7.36'  socket: '/var/run/mysqld/mysqld.sock'  port: 3306  MySQL Community Server (GPL)

bijian127 commented 1 year ago

Does anybody know how to resolve that problem?😭
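
In the 5.7.36 log above, mysqld reports "ready for connections" after the AUDIT plugin failed to register, so the server is accepting connections with no audit trail. The following is an added example, not part of the thread or the plugin's own code: a check over the mysqld error log that reports each plugin load attempt, the instruction and function that blocked hot patching, and whether the server went on to serve unaudited. The function name `audit_load_attempts` and the record fields are assumptions of this example.

```python
import re

# Constructed sample: lines copied from the two logs in this thread, condensed.
SAMPLE_LOG = """\
mysql_test | 2021-01-20T07:13:16.253756Z 0 [Note] McAfee Audit Plugin: starting up. Version: 1.1.7 , Revision: 913 (64bit). MySQL AUDIT plugin interface version: 1025 (0x401). MySQL Server version: 5.7.25.
mysql_test | 2021-01-20T07:13:16.335214Z 0 [ERROR] Audit Plugin: unable to disassemble at address: 0x0x55ad0a438797. Found relative addressing for instruction: [jnz 0x55ad0a4387a5]. Aborting.
mysql_test | 2021-01-20T07:13:16.335220Z 0 [ERROR] McAfee Audit Plugin: unable to hot patch send_result_to_client (0x55ad0a438790). res: -1.
mysql_test | 2021-01-20T07:13:16.335226Z 0 [ERROR] Plugin 'AUDIT' registration as a AUDIT failed.
2022-09-28T02:27:50.276739Z 0 [Note] Trellix Audit Plugin: starting up. Version: 1.1.12 , Revision: 999 (64bit). MySQL AUDIT plugin interface version: 1025 (0x401). MySQL Server version: 5.7.36.
2022-09-28T02:27:50.333574Z 0 [ERROR] Audit Plugin: unable to disassemble at address: 0x0x55add0672bd7. Found relative addressing for instruction: [jnz 0x55add0672c20]. Aborting.
2022-09-28T02:27:50.333579Z 0 [ERROR] Trellix Audit Plugin: unable to hot patch send_result_to_client (0x55add0672bd0). res: -1.
2022-09-28T02:27:50.333587Z 0 [ERROR] Plugin 'AUDIT' registration as a AUDIT failed.
2022-09-28T02:27:50.347238Z 0 [Note] mysqld: ready for connections.
"""

# Optional "container | " prefix from docker-compose, then the mysqld 5.7 log layout.
LINE = re.compile(r"^(?:\S+\s+\|\s+)?(\S+Z)\s+\d+\s+\[(\w+)\]\s+(.*)$")
START = re.compile(r"Audit Plugin: starting up\. Version: (\S+) , Revision: (\d+) .*MySQL Server version: ([\d.]+)\.")
REL = re.compile(r"Found relative addressing for instruction: \[([^\]]+)\]")
HOTPATCH = re.compile(r"Audit Plugin: unable to hot patch (\w+) \(")

def audit_load_attempts(log_text):
    """One record per plugin load attempt: why it failed and whether mysqld
    went on to accept connections without the AUDIT plugin registered."""
    attempts = []
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # lines without the timestamp/level layout are skipped
        ts, _level, msg = m.groups()
        if (s := START.search(msg)):
            attempts.append({"at": ts, "plugin": f"{s[1]}-{s[2]}", "mysql": s[3],
                             "instruction": None, "function": None,
                             "registered": True, "serving_unaudited": False})
        elif not attempts:
            continue  # nothing to attribute until a load attempt has begun
        elif (r := REL.search(msg)):
            attempts[-1]["instruction"] = r[1]
        elif (h := HOTPATCH.search(msg)):
            attempts[-1]["function"] = h[1]
        elif "Plugin 'AUDIT' registration as a AUDIT failed" in msg:
            attempts[-1]["registered"] = False
        elif "mysqld: ready for connections" in msg:
            attempts[-1]["serving_unaudited"] = not attempts[-1]["registered"]
    return attempts

if __name__ == "__main__":
    print(*audit_load_attempts(SAMPLE_LOG), sep="\n")
```

A record with `serving_unaudited` set is the case worth alerting on: the database is up, but nothing is being written to the audit log.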