[Bug 236510] [NEW] default apparmor setting prevents bind from running under chroot
Launchpad Bug Tracker
236510 at bugs.launchpad.net
Mon Oct 26 15:26:52 GMT 2009
You have been subscribed to a public bug:

Binary package hint: apparmor

Easily reproducible.

1) Fresh minimal install of LTS 8.04 Hardy
2) Install bind9, verify that permissions ARE correct
3) Create the chroot (scroll down to "DNS Server" section of http://www.howtoforge.com/perfect-server-ubuntu8.04-lts-p4 to copy/paste this setup easily)
3) Edit /etc/default/bind9 changing this line to this:
   OPTIONS="-u bind -t /var/lib/named"
4) Try to start bind. It will complain thusly to syslog:
   none:0: open: /etc/bind/named.conf: permission denied
   loading configuration: permission denied
   exiting (due to fatal error)

To make bind work:
   /etc/init.d/apparmor stop
   /etc/init.d/bind9 start

To make it fail:
   /etc/init.d/apparmor stop
   /etc/init.d/bind9 restart

Unable to find sufficient documentation on apparmor to discover a
workaround; that would be satisfactory as well, though the next point
release should make this behavior a default; for many years and for many
reasons most servers have run bind in a chroot jail.
** Affects: bind9 (Ubuntu)
     Importance: Undecided
         Status: New
--
default apparmor setting prevents bind from running under chroot
https://bugs.launchpad.net/bugs/236510
You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to bind9 in ubuntu.
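
Added example, not part of the original bug report or of any Ubuntu package: a Python helper that turns AppArmor denial records for a chrooted named into candidate file rules limited to the jail. It assumes the denial arises because AppArmor matches the full path outside the chroot (with -t /var/lib/named, /etc/bind/named.conf is opened as /var/lib/named/etc/bind/named.conf). The profile name /usr/sbin/named, the key="value" log layout, and every sample line are constructed assumptions.

```python
import re

# Constructed sample denial records (not from the bug report). The key="value"
# layout is an assumption; audit field order differs between releases.
SAMPLE_LOG = """\
kernel: audit: apparmor="DENIED" operation="open" profile="/usr/sbin/named" name="/var/lib/named/etc/bind/named.conf" pid=4242 requested_mask="r" denied_mask="r"
kernel: audit: apparmor="DENIED" operation="open" profile="/usr/sbin/named" name="/var/lib/named/etc/bind/named.conf" pid=4250 requested_mask="r" denied_mask="r"
kernel: audit: apparmor="DENIED" operation="mknod" profile="/usr/sbin/named" name="/var/lib/named/var/run/named.pid" pid=4250 requested_mask="wc" denied_mask="wc"
kernel: audit: apparmor="DENIED" operation="open" profile="/usr/sbin/named" name="/tmp/outside-chroot" pid=4250 requested_mask="r" denied_mask="r"
kernel: audit: apparmor="DENIED" operation="open" profile="/usr/sbin/example" name="/var/lib/named/etc/x" pid=77 requested_mask="r" denied_mask="r"
"""

PAIR = re.compile(r'(\w+)="([^"]*)"')
# Denied-mask letters mapped to file rule permissions; create/delete need "w".
# Exec ("x") is deliberately not mapped: it needs a reviewed transition mode.
PERM_MAP = {"r": "r", "w": "w", "a": "a", "c": "w", "d": "w",
            "k": "k", "l": "l", "m": "m"}
ORDER = "rwaklm"


def chroot_rules(log_text, profile="/usr/sbin/named", chroot="/var/lib/named"):
    """Return candidate file rules for denials of `profile` under `chroot`."""
    prefix = chroot.rstrip("/") + "/"
    perms = {}
    for line in log_text.splitlines():
        fields = dict(PAIR.findall(line))
        if fields.get("profile") != profile or "denied_mask" not in fields:
            continue
        path = fields.get("name", "")
        # Ignore anything outside the jail: widening the profile there would
        # defeat the confinement the chroot and AppArmor are meant to provide.
        if not path.startswith(prefix) or ".." in path.split("/"):
            continue
        wanted = {PERM_MAP[c] for c in fields["denied_mask"] if c in PERM_MAP}
        perms.setdefault(path, set()).update(wanted)
    rules = []
    for path in sorted(perms):
        granted = perms[path]
        if "w" in granted:
            granted.discard("a")  # "w" and "a" cannot appear in the same rule
        if granted:
            rules.append("%s %s," % (path, "".join(c for c in ORDER if c in granted)))
    return rules


if __name__ == "__main__":
    for rule in chroot_rules(SAMPLE_LOG):
        print("  " + rule)
```

Review each generated rule before adding it to the profile that confines named and reloading AppArmor; stopping AppArmor altogether removes confinement from every profiled service, not just bind.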