[Bug 294935] [NEW] apparmor error when logging to /var/log/named/
LuisMondesi
lemsx1 at gmail.com
Fri Nov 7 00:22:25 GMT 2008
Public bug reported:
Binary package hint: bind9
Intro:
Change your logging options to log to /var/log/named (as permitted by
default apparmor profile). When the logs reach the limit and named
attempts to rotate the file, apparmor denies reading from the directory
(listing) so it cannot create the new file and move the old file to a
new name: queries.log becomes queries.log.0
Error:
Nov 6 19:14:06 nibbler1 kernel: [3745271.955029]
audit(1226016846.695:70886): type=1503 operation="inode_permission"
requested_mask="r::" denied_mask="r::" name="/var/log/named/" pid=19055
profile="/usr/sbin/named" namespace="default"
Solution:
Allow named to read /var/log/named:
/etc/apparmor.d/usr.sbin.named
...
# some people like to put logs in /var/log/named/
/var/log/named/** rw,
/var/log/named/ rw,
...
cat /etc/apparmor.d/usr.sbin.named | sudo apparmor_parser -r
sudo /etc/init.d/apparmor reload
That fixes the issue.
** Affects: bind9 (Ubuntu)
Importance: Undecided
Status: New
--
apparmor error when logging to /var/log/named/
https://bugs.launchpad.net/bugs/294935
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to bind9 in ubuntu.
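
An added example, not part of the original report or of AppArmor: a Python check that parses the denial above and tests it against the profile rules, using a simplified model of AppArmor path globs (`*` and `**` only). It assumes the `/var/log/named/** rw,` rule was already in the profile and that `/var/log/named/ rw,` is the line the fix adds; `parse_denial`, `glob_to_regex`, `granted` and `still_denied` are names chosen here.

```python
import re

# Denial record from the report above, unwrapped onto one line.
DENIAL = (
    'Nov 6 19:14:06 nibbler1 kernel: [3745271.955029] '
    'audit(1226016846.695:70886): type=1503 operation="inode_permission" '
    'requested_mask="r::" denied_mask="r::" name="/var/log/named/" pid=19055 '
    'profile="/usr/sbin/named" namespace="default"'
)
# Assumption: the ** rule was already present; the bare-directory rule is the fix.
BEFORE = ["/var/log/named/** rw,"]
AFTER = BEFORE + ["/var/log/named/ rw,"]

def parse_denial(line):
    """Return the key=value fields of an AppArmor audit record as a dict."""
    return {k: v.strip('"') for k, v in re.findall(r'(\w+)=("[^"]*"|\S+)', line)}

def glob_to_regex(glob):
    """Simplified model of AppArmor path globs, handling only * and **."""
    out, i = [], 0
    while i < len(glob):
        after_slash = i > 0 and glob[i - 1] == "/"
        if glob.startswith("**", i):
            # After a slash, ** must consume at least one non-slash character,
            # so /dir/** covers entries below /dir/ but not /dir/ itself.
            out.append("[^/].*" if after_slash else ".*")
            i += 2
        elif glob[i] == "*":
            whole_component = i + 1 == len(glob) or glob[i + 1] == "/"
            out.append("[^/]+" if after_slash and whole_component else "[^/]*")
            i += 1
        else:
            out.append(re.escape(glob[i]))
            i += 1
    return re.compile("".join(out))

def granted(rules, path):
    """Union of the permission letters of every rule whose glob matches path."""
    perms = set()
    for rule in rules:
        glob, modes = rule.rstrip(",").split()
        if glob_to_regex(glob).fullmatch(path):
            perms |= set(modes)
    return perms

def still_denied(rules, line):
    """Permissions from the record's denied_mask that the rules do not grant."""
    rec = parse_denial(line)
    return set(rec["denied_mask"].replace(":", "")) - granted(rules, rec["name"])
```

`still_denied(BEFORE, DENIAL)` returns `{'r'}` and `still_denied(AFTER, DENIAL)` returns an empty set: the `**` rule covers entries below the directory but not the directory itself, which is the read the record shows being denied.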