AppArmor, DHCP, Bind9 issue [SOLVED]
oza.4h07 at gmail.com
Thu Oct 1 15:27:02 UTC 2020
Thank you all for replying !
Thanks to your suggestions, creating an /etc/bind/subdir directory, and
tweaking /etc/apparmor.d/usr.sbin.named allowed me to let ISC DHCP update
1. I'm hesitant to file a bug on Debian about this. As this both involves
Bind9 and AppArmor, would you say it deserves to be implemented and
documented in default Bind9 installation or that it is too specific for
2. If it deserves to to be implemented, how would you name this
/etc/bind/subdir directory ?
I personally used "/etc/bind/ddns-zones" but surely there exist
alternatives that better describe the purpose of this directory (hosting
config that bind9 needs to rewrite) such as :
Detailed steps I followed on Debian Buster to work around the issue were:
chown root:bind /etc/bind/ddns-zones
# I don't know if plain 775 better fits. Comments welcome
chmod 2775 /etc/bind/ddns-zones
Adding into /etc/apparmor.d/usr.sbin.named, a line:
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the bind-users