10.04 odd apparmor behavior with chrooted bind
Aaron Bennett
abennett at clarku.edu
Fri Oct 22 11:48:18 UTC 2010
> -----Original Message-----
> From: Serge Hallyn [mailto:serge.hallyn at canonical.com]
>
> Interesting - could you run that in 'strace -f' so we can see exactly what fails?
> The profile sure seems to be granting CAP_CHROOT...
>
> I'd recommend opening a bug so the apparmor folks see it.
>
> thanks,
> -serge
Here you go, Serge --
Thanks for looking at it. After you have a chance, let me know if you still think it needs an apparmor bug.
FWIW, if I do:
service apparmor restart; complain /usr/sbin/named ; enforce /usr/sbin/named ; service bind9 start
then bind9 starts. If I do the apparmor restart and the bind9 start without the complain/enforce loop then it fails.
Thanks again,
Aaron