rndc stats on SLES 10 (BIND 9.3.2)

S Kalyanasundaram skalyanasundaram at novell.com
Fri Oct 5 13:19:41 UTC 2007

On Mon, 2007-09-24 at 10:45 -0500, Ryan McCain wrote:
> When I ran "rndc stats" I used to get an error, now after changing directory permissions around it just goes to a shell prompt.  See below:
> dss-dr93la05:/var/lib/named/slave # rndc stats
> dss-dr93la05:/var/lib/named/slave #
> This is from named.conf:
> statistics-file "/var/log/named.stats";
>         zone-statistics yes;
>         notify no;
> #      recursion no;
> ...As you can see the permissions are set to give everyone 777 to named.stats
> dss-dr93la05:/var/log # ll named.stats
> -rwxrwxrwx 1 root root 27020 2007-09-24 10:39 named.stats
> dss-dr93la05:/var/log #    
> ..There are stats in the named.stats file, however for some reason running rndc stats doesn't display them.
> One thing I'm thinking of that might be confusing BIND is that we initially installed it to run in a chroot jail.  After the fact we changed that in /etc/sysconfig/named to not run in a chroot jail.
> Any ideas?

SLES10 comes with a default AppArmor profile. I don't see any path
relevant to /var/log. I guess that is the reason.

Do a rcapparmor stop and try rndc stats.
Use the complain command and give named as input. This will put your named
profile in complain mode and will allow named to access files.
Run logprof to check whether /var/log/named.stats is accessed
by /usr/sbin/named; if so, answer yes to add the permissions.

I had a similar kind of problem. I may be wrong also. Just a thought.
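
Added example, not part of the original message: the reply suspects that the named AppArmor profile has no rule covering /var/log. This Python check tests whether a profile's own file rules grant a permission on a path; the profile text is constructed for illustration (it is not the profile SLES 10 ships), and glob_to_regex, allows, SAMPLE_PROFILE and FIXED_PROFILE are hypothetical names.

```python
import re

def glob_to_regex(glob):
    """Translate an AppArmor path glob (*, **, ?, {a,b}) to an anchored regex."""
    out, i = [], 0
    while i < len(glob):
        if glob.startswith("**", i):          # ** crosses directory boundaries
            out.append(".*")
            i += 2
            continue
        c = glob[i]
        if c == "*":                          # * stays within one path component
            out.append("[^/]*")
        elif c == "?":
            out.append("[^/]")
        elif c == "{":                        # {a,b} alternation, literal branches only
            j = glob.index("}", i)
            out.append("(?:" + "|".join(map(re.escape, glob[i + 1:j].split(","))) + ")")
            i = j
        else:
            out.append(re.escape(c))
        i += 1
    return re.compile("".join(out) + r"\Z")

# File rule: optional "deny"/"owner", an absolute path glob, a permission string.
RULE = re.compile(r"\s*(deny\s+)?(?:owner\s+)?(/\S+)\s+([A-Za-z]+),\s*(?:#.*)?$")

def allows(profile_text, path, perm):
    """True if the profile's own file rules grant perm on path (#include lines are not resolved)."""
    allowed = False
    for line in profile_text.splitlines():
        m = RULE.match(line)
        if not m or perm not in m.group(3):
            continue
        if glob_to_regex(m.group(2)).match(path):
            if m.group(1):
                return False                  # an explicit deny overrides any allow
            allowed = True
    return allowed

# Constructed sample profile for illustration; not the profile SLES 10 ships.
SAMPLE_PROFILE = """\
/usr/sbin/named {
  #include <abstractions/base>
  /etc/named.conf r,
  /var/lib/named/** rwl,
}
"""
FIXED_PROFILE = SAMPLE_PROFILE.replace("}\n", "  /var/log/named.stats rw,\n}\n")
```

With the constructed profile, allows(SAMPLE_PROFILE, "/var/log/named.stats", "w") is False and the same call on FIXED_PROFILE is True, regardless of the 777 mode on the file itself.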

