10.04 odd apparmor behavior with chrooted bind
Serge Hallyn
serge.hallyn at canonical.com
Fri Oct 22 13:42:18 UTC 2010
Quoting Aaron Bennett (abennett at clarku.edu):
> > -----Original Message-----
> >
> > Thanks for looking at it. After you have a chance, let me know if you still
> > think it needs an apparmor bug.
> >
> > FWIW, if I do:
> >
> > service apparmor restart; complain /usr/sbin/named ; enforce /usr/sbin/named ; service bind9 start
> >
> > then bind9 starts. If I do the apparmor restart and the bind9 start without
> > the complain/enforce loop then it fails.
> >
> > Thanks again,
> >
> > Aaron
>
> I'm sorry -- the attachment was bad. Here it is again...
Thanks, Aaron. Just to dispel (or confirm) the notion that it's
file access controls blocking the chroot, can you please add
/var/bind/** ixrmw,
to the apparmor profile?
If that works, then we can experiment with (or ask the pros to tell us)
the minimal perms actually needed - might just be '/var/bind/chroot r',
not sure.
thanks,
-serge