[Bug 570936] [NEW] permission denied on /var/run/named/named.stats
Mikael Löfstrand
mld-launchpad at fluffigt.com
Tue Apr 27 21:35:12 BST 2010
Public bug reported:
Binary package hint: bind9
First things first:
$ lsb_release -rd
Description: Ubuntu 10.04 LTS
Release: 10.04
$ apt-cache policy bind9
bind9:
Installed: 1:9.7.0.dfsg.P1-1
Candidate: 1:9.7.0.dfsg.P1-1
Version table:
*** 1:9.7.0.dfsg.P1-1 0
500 http://se.archive.ubuntu.com/ubuntu/ lucid/main Packages
100 /var/lib/dpkg/status
I get a permission denied error on var/run/named/named.stats due to apparmor rules
Example from syslog:
Apr 27 19:33:49 ns named[1515]: received control channel command 'stats'
Apr 27 19:33:49 ns named[1515]: could not open statistics dump file '/var/run/named/named.stats': permission denied
Apr 27 19:33:49 ns named[1515]: dumpstats failed: permission denied
Apr 27 19:33:50 ns kernel: [432780.140162] type=1503 audit(1272389629.995:21): operation="open" pid=1516 parent=1 profile="/usr/sbin/named" requested_mask="ac::" denied_mask="ac::" fsuid=103 ouid=103 name="/var/run/named/named.stats"
I'm running Ubuntu 10.04, and this seems to happen both with a newly installed system and one upgraded from Ubuntu 8.04 LTS. With a /etc/apparmor.d/usr.sbin.named changed as the diff below, everything seems to work OK.
Please note that I haven't read up on which permissions should be
allowed to the stats-file, this was just a quick fix, so please change
the permissions if needed...
$ diff -u usr.sbin.named.orig usr.sbin.named.new
--- usr.sbin.named.orig 2010-04-27 22:15:43.005050234 +0200
+++ usr.sbin.named.new 2010-04-27 22:15:14.995624793 +0200
@@ -37,6 +37,7 @@
/usr/sbin/named mr,
/var/run/named/named.pid w,
/var/run/named/session.key w,
+ /var/run/named/named.stats rw,
# support for resolvconf
/var/run/named/named.options r,
** Affects: bind9 (Ubuntu)
Importance: Undecided
Status: New
--
permission denied on /var/run/named/named.stats
https://bugs.launchpad.net/bugs/570936
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to bind9 in ubuntu.
More information about the Ubuntu-server-bugs
mailing list