10.04 odd apparmor behavior with chrooted bind

Serge Hallyn serge.hallyn at canonical.com
Fri Oct 22 13:42:18 UTC 2010


Quoting Aaron Bennett (abennett at clarku.edu):
> > -----Original Message-----
> > 
> > Thanks for looking at it.  After you have a chance, let me know if you still
> > think it needs an apparmor bug.
> > 
> > FWIW, if I do:
> > 
> > service apparmor restart; complain /usr/sbin/named ; enforce
> > /usr/sbin/named ; service bind9 start
> > 
> > then bind9 starts.  If I do the apparmor restart and the bind9 start without
> > the complain/enforce loop then it fails.
> > 
> > Thanks again,
> > 
> > Aaron
> 
> I'm sorry -- the attachment was bad.  Here it is again...

Thanks, Aaron.  Just to dispel (or confirm) the notion that it's
file access controls blocking the chroot, can you please add

	/var/bind/** ixrmw,

to the apparmor profile?

If that works, then we can experiment with (or ask the pros to tell us)
the minimal perms actually needed - might just be '/var/bind/chroot r',
not sure.

thanks,
-serge



