[Apparmor-general] requested_mask="rw::rwl" denied_mask="::l"
Michael Varre
mvarre at gmail.com
Fri Jul 25 07:23:19 MDT 2008
Hello everyone, I am running BIND9 on Ubuntu 8.04.1 LTS and I seem to be
getting this sometimes when i make a change in this dir. The changes seem
to get made properly, so i dont really understand why apparmor is
complaining, or what the mask "::L" is. RW seems to function properly. Any
insight would be appreciated. thanks!
[1203814.084586] audit(1216992077.708:67): type=1503 operation="inode_link"
requested_mask="rw::rwl" denied_mask="::l"
name="/etc/bind/zones/slave/db-SStUCwoP"
name2="/etc/bind/zones/slave/mydomain.com.hosts" pid=21683
profile="/usr/sbin/named" namespace="default"
Included is my usr.sbin.named apparmor conf......
/usr/sbin/named {
#include <abstractions/base>
#include <abstractions/nameservice>
capability net_bind_service,
capability setgid,
capability setuid,
capability sys_chroot,
# /etc/bind should be read-only for bind
# /var/lib/bind is for dynamically updated zone (and journal) files.
# /var/cache/bind is for slave/stub data, since we're not the origin of
it.
# See /usr/share/doc/bind9/README.Debian.gz
/etc/bind/** r,
/var/lib/bind/** rw,
/var/cache/bind/** rw,
/etc/bind/zones/** rw,
/etc/bind/zones/slave/** rw,
/proc/net/if_inet6 r,
/usr/sbin/named mr,
/var/run/bind/run/named.pid w,
# support for resolvconf
/var/run/bind/named.options r,
}
--
mv
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://forge.novell.com/pipermail/apparmor-general/attachments/20080725/c59d7e82/attachment.html
More information about the Apparmor-general
mailing list