2012/11/24

Ubuntu, mysql-server, apparmor, and symbolic links

If you can't start mysql-server on Ubuntu (at least version 12.10, where I encountered the error, but I imagine it might be pervasive), AppArmor might (will) be preventing the daemon from running. MySQL ends up accessing its files through their resolved absolute paths, skipping the symbolic links on any major system directories you have relocated (in my case, /var and /tmp). AppArmor doesn't like that, since the mysql-server profile grants no permissions on /mnt/data/var or /mnt/data/tmp; its rules only name the main system directories.

This bug only happens if you symlink directories that AppArmor manages access to. And it will only happen if an application, for some dumb reason, traces the real location of its operating directories and makes its file system calls on those resolved paths, rather than referencing the major system directories through their standard paths.

The solution is to edit /etc/apparmor.d/tunables/alias and add in aliases such as:

alias /tmp/ -> /mnt/data/tmp/,
alias /var/ -> /mnt/data/var/,

If you do this, AppArmor treats references to those directories like references to the symlink versions.  It is advisable to do this with any default dir you symlink on an AppArmor-based system so that the security suite doesn't bitch about random applications using arbitrary paths to get to the same folders.
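To find which relocated directories still need an alias, the check can be scripted. The following is an added example, not part of the original post: `suggest_aliases` and its ROOT parameter are hypothetical names, and it assumes GNU `readlink -f` is available.

```shell
#!/bin/sh
# Added example: print the alias rules that /etc/apparmor.d/tunables/alias
# needs for system directories that are really symlinks.
#
# suggest_aliases ROOT ALIAS_FILE DIR...
#   ROOT        tree to inspect; "" means the live system (hypothetical
#               parameter so the function can be tried on a scratch tree)
#   ALIAS_FILE  existing alias file; rules already present are not repeated
#   DIR...      absolute directories to check, e.g. /tmp /var
suggest_aliases() {
    root=$1
    alias_file=$2
    shift 2
    # Canonicalise ROOT so it can be stripped from resolved targets later.
    if [ -n "$root" ]; then
        root=$(cd "$root" && pwd -P) || return 1
    fi
    for dir in "$@"; do
        link="$root$dir"
        # Only symlinked directories need an alias.
        [ -L "$link" ] || continue
        # Resolve to the real location, the path AppArmor matches on.
        target=$(readlink -f "$link") || continue
        [ -d "$target" ] || continue
        # Express the target relative to ROOT (no-op on the live system).
        target=${target#"$root"}
        rule="alias $dir/ -> $target/,"
        # Skip rules that are already in the alias file, matched verbatim.
        if [ -f "$alias_file" ] && grep -qxF "$rule" "$alias_file"; then
            continue
        fi
        printf '%s\n' "$rule"
    done
}

# Live-system usage:
#   suggest_aliases "" /etc/apparmor.d/tunables/alias /tmp /var
```

Review the printed rules before adding them to the alias file; profiles have to be reloaded before new aliases take effect.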
