apparmor error when logging to /var/log/named/
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| bind9 (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
Bug Description
Binary package hint: bind9
Intro:
Change your logging options to log to /var/log/named (as permitted by default apparmor profile). When the logs reach the limit and named attempts to rotate the file, apparmor denies reading from the directory (listing) so it cannot create the new file and move the old file to a new name: queries.log becomes queries.log.0
Error:
Nov 6 19:14:06 nibbler1 kernel: [3745271.955029] audit(122601684
Solution:
Allow named to read /var/log/named:
/etc/apparmor.
...
# some people like to put logs in /var/log/named/
/var/log/named/** rw,
/var/log/named/ rw,
...
cat /etc/apparmor.
sudo /etc/init.
That fixes the issue.
| Changed in bind9: | |
| status: | New → Fix Committed |
| Launchpad Janitor (janitor) wrote | #1 |
| Changed in bind9: | |
| status: | Fix Committed → Fix Released |
This bug was fixed in the package bind9 - 1:9.5.0.dfsg.P2-5
---------------
bind9 (1:9.5.0.dfsg.P2-5) unstable; urgency=low
[ISC]
* 2463: IPv6 Advanced Socket API broken on linux. LP: #249824
[Jamie Strandboge]
* apparmor: add capability sys_resource
* apparmor: add krb keytab access. LP: #277370
[LaMont Jones]
* apparmor: allow proc/*/net/if_inet6 read access too. LP: #289060
* apparmor: add /var/log/named/* entries. LP: #294935
[Ben Hutchings]
* meta: Add dependency of bind9 on net-tools (ifconfig used in init script)
* meta: Fix bind9utils Depends.
* meta: fix typo in package description
[localization folks]
* l10n: add polish debconf translations. Closes: #506856 (L)
-- Ubuntu Archive Auto-Sync <email address hidden> Wed, 10 Dec 2008 00:40:25 +0000