[apparmor] unbound profile / chown
simon.deziel at gmail.com
Sun May 29 19:21:54 UTC 2016
On 2016-05-29 11:34 AM, Christian Boltz wrote:
> I just updated my system to the latest unbound profile from
> unbound works without problems, but I get chown denials logged.
> I'm using unbound 1.5.8, which already includes the patches from
> (at least the changelog says so ;-)
The behavior with 1.5.8 is to attempt chown'ing only if the PID is in
the chroot or if no chroot is used. I must have _wrongly_ assumed that
chroot was the default in Debian/Ubuntu so I removed the deny rule.
> Do we need to explicitly "deny capability chown," in the profile?
Since the original issue remains, I think it should be re-added.
In the meantime, you might want to try the chroot feature :)
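Added example, not part of the original message or of the AppArmor project's code: a small triage script that reads kernel audit lines, counts capability denials per profile, and lists the `deny capability ...,` rules a profile maintainer could review, as with the chown denials discussed in this thread. The log lines are constructed, and the profile name `/usr/sbin/unbound` is an assumption.

```python
import re
from collections import defaultdict

# Constructed sample lines in the kernel audit format AppArmor uses
# (values are illustrative, not taken from the thread; profile name is assumed).
SAMPLE_LOG = """\
audit: type=1400 audit(1464549714.101:41): apparmor="DENIED" operation="capable" profile="/usr/sbin/unbound" pid=2211 comm="unbound" capability=0  capname="chown"
audit: type=1400 audit(1464549714.350:42): apparmor="ALLOWED" operation="capable" profile="/usr/sbin/example" pid=2300 comm="example" capability=0  capname="chown"
audit: type=1400 audit(1464549720.007:43): apparmor="DENIED" operation="open" profile="/usr/sbin/unbound" name="/etc/example.conf" pid=2211 comm="unbound" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
audit: type=1400 audit(1464553314.101:57): apparmor="DENIED" operation="capable" profile="/usr/sbin/unbound" pid=2950 comm="unbound" capability=0  capname="chown"
"""

# key=value pairs, where the value is either "quoted" or a bare token
FIELD = re.compile(r'(\w+)=("([^"]*)"|\S+)')

def parse_fields(line):
    """Split one audit line into a dict of fields, stripping quotes from values."""
    return {k: (q if raw.startswith('"') else raw) for k, raw, q in FIELD.findall(line)}

def denied_capabilities(log_text):
    """Return {profile: {capname: count}} for DENIED capability checks only."""
    counts = defaultdict(lambda: defaultdict(int))
    for line in log_text.splitlines():
        f = parse_fields(line)
        # Complain-mode (ALLOWED) entries and file denials are ignored here.
        if f.get("apparmor") == "DENIED" and f.get("operation") == "capable":
            counts[f["profile"]][f.get("capname", "?")] += 1
    return {p: dict(c) for p, c in counts.items()}

def candidate_deny_rules(log_text, profile):
    """Rules to review for one profile; an explicit deny also quiets the log entry."""
    caps = denied_capabilities(log_text).get(profile, {})
    return [f"deny capability {cap}," for cap in sorted(caps)]

if __name__ == "__main__":
    for prof, caps in denied_capabilities(SAMPLE_LOG).items():
        print(prof, caps)
    print(candidate_deny_rules(SAMPLE_LOG, "/usr/sbin/unbound"))
```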