Authoritative and caching
Lee
ler762 at gmail.com
Sat Mar 15 22:16:03 UTC 2025
On Sat, Mar 15, 2025 at 5:25 PM Danjel Jungersen via bind-users
<bind-users at lists.isc.org> wrote:
>
> Apparmor was also mentioned, I have no experience with that, and have not changed it in any way (to my knowledge)...

On my machine,

    $ journalctl -l | grep apparmor | grep bind |more

shows many lines like

    Dec 14 08:00:12 spot audit[922]: AVC apparmor="DENIED"
    operation="mknod" profile="named" name="/etc/bind/db.10.10.2.jbk"
    pid=922 comm="isc-net-0002" requested_mask="c" denied_mask="c"
    fsuid=116 ouid=116
    Dec 14 08:00:12 spot audit[922]: AVC apparmor="DENIED"
    operation="mknod" profile="named" name="/etc/bind/db.home.net.jbk"
    pid=922 comm="isc-net-0003" requested_mask="c" denied_mask="c"
    fsuid=116 ouid=116

/etc/apparmor.d/usr.sbin.named on my machine has

    # /etc/bind should be read-only for bind

and I'm clearly violating that assumption :(

Rather than fix my bind config I fixed the apparmor config. If you go
that way remember to do

    /etc/init.d/apparmor restart

to have the new apparmor rules take effect.

Regards,
Lee
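
An added example, not part of the message above or of BIND or AppArmor: a small parser that groups AppArmor denials like the ones quoted by operation, path and denied mask, so it is clear which directory the `named` profile refuses to let named create files in. The sample lines are the two journal entries from the message unwrapped to one line each, plus one constructed unrelated line; the function names are hypothetical.

```python
import posixpath
import re
from collections import Counter

# Constructed sample: the two entries quoted in the message, unwrapped to one
# line each, followed by one constructed line that is not an AppArmor record.
SAMPLE_LOG = (
    'Dec 14 08:00:12 spot audit[922]: AVC apparmor="DENIED" operation="mknod" profile="named" name="/etc/bind/db.10.10.2.jbk" pid=922 comm="isc-net-0002" requested_mask="c" denied_mask="c" fsuid=116 ouid=116\n'
    'Dec 14 08:00:12 spot audit[922]: AVC apparmor="DENIED" operation="mknod" profile="named" name="/etc/bind/db.home.net.jbk" pid=922 comm="isc-net-0003" requested_mask="c" denied_mask="c" fsuid=116 ouid=116\n'
    'Dec 14 08:00:13 spot systemd[1]: Started a constructed unrelated unit.\n'
)

KV_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')   # key="quoted" or key=bare
HEX_RE = re.compile(r'(?:[0-9A-Fa-f]{2})+')

def parse_avc(line):
    """Return the key/value fields of an AppArmor audit record, or None."""
    if 'apparmor="' not in line:
        return None
    rec = {}
    for key, quoted, bare in KV_RE.findall(line):
        value = quoted or bare
        # The audit subsystem logs a name containing spaces or other special
        # characters as unquoted hex; decode that form back to a path.
        if key == "name" and bare and HEX_RE.fullmatch(bare):
            value = bytes.fromhex(bare).decode("utf-8", "replace")
        rec[key] = value
    return rec

def denials(log_text, profile="named"):
    """Count DENIED records for one profile by (operation, path, denied_mask)."""
    counts = Counter()
    for line in log_text.splitlines():
        rec = parse_avc(line)
        if not rec or rec.get("apparmor") != "DENIED" or rec.get("profile") != profile:
            continue
        counts[(rec.get("operation"), rec.get("name"), rec.get("denied_mask"))] += 1
    return counts

def denied_dirs(log_text, profile="named"):
    """Directories where the profile was refused the create ('c') permission."""
    return sorted({posixpath.dirname(path) for (_, path, mask) in denials(log_text, profile)
                   if path and "c" in (mask or "")})

if __name__ == "__main__":
    for (op, path, mask), n in sorted(denials(SAMPLE_LOG).items()):
        print(f"{n:3d}  {op:8s} mask={mask}  {path}")
    print("create denied in:", ", ".join(denied_dirs(SAMPLE_LOG)))
```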