Mirsad Goran Todorovac <mirsad.todoro...@alu.unizg.hr> writes:

> Apparently, APPARMOR denied opening of the journal file in
> /etc/bind/zones even when the directory had bind group write
> permissions.

Looking at the default policy in /etc/apparmor.d/usr.sbin.named in the
Debian bind9 package, I see that /etc/bind/ only has read access:

  # /etc/bind should be read-only for bind
  # /var/lib/bind is for dynamically updated zone (and journal) files.
  # /var/cache/bind is for slave/stub data, since we're not the origin of it.
  # See /usr/share/doc/bind9/README.Debian.gz
  /etc/bind/** r,
  /var/lib/bind/** rw,
  /var/lib/bind/ rw,
  /var/cache/bind/** lrw,
  /var/cache/bind/ rw,

You can probably override this with a local policy, but I guess life is
easier if you just go with the flow.  If you really want to use
apparmor, that is...


Bjørn
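
Added example (not part of the message above and not code from the bind9 package): a small Python check that evaluates the quoted file rules against a journal path, showing why a .jnl file under /etc/bind/zones is denied write access whatever the Unix group permissions are, while the same file under /var/lib/bind is allowed. The zone file name is constructed, and the matcher is a simplified subset of AppArmor globbing (only `*`, `**` and `?`, allow rules only).

```python
import re

# File rules copied from the profile excerpt quoted in the message.
PROFILE_EXCERPT = """
# /etc/bind should be read-only for bind
/etc/bind/** r,
/var/lib/bind/** rw,
/var/lib/bind/ rw,
/var/cache/bind/** lrw,
/var/cache/bind/ rw,
"""

def glob_to_regex(glob):
    """Simplified AppArmor glob: '**' crosses '/', '*' and '?' do not.
    Directly after a '/', a glob must match at least one character, so
    '/dir/**' does not cover '/dir/' itself (hence the separate rules)."""
    out, i = [], 0
    while i < len(glob):
        after_slash = i > 0 and glob[i - 1] == "/"
        if glob.startswith("**", i):
            out.append("[^/].*" if after_slash else ".*"); i += 2
        elif glob[i] == "*":
            out.append("[^/]+" if after_slash else "[^/]*"); i += 1
        elif glob[i] == "?":
            out.append("[^/]"); i += 1
        else:
            out.append(re.escape(glob[i])); i += 1
    return re.compile("".join(out) + r"\Z")

def parse_rules(text):
    """Return [(compiled_path_regex, set_of_permission_letters), ...]."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip().rstrip(",")
        if line:
            path, perms = line.rsplit(None, 1)
            rules.append((glob_to_regex(path), set(perms)))
    return rules

def allowed_perms(rules, path):
    """Union of permissions from every allow rule matching the path."""
    perms = set()
    for regex, rule_perms in rules:
        if regex.match(path):
            perms |= rule_perms
    return perms

RULES = parse_rules(PROFILE_EXCERPT)
if __name__ == "__main__":
    # Constructed journal file names for a hypothetical zone.
    for p in ("/etc/bind/zones/example.com.db.jnl", "/var/lib/bind/example.com.db.jnl"):
        print(p, "->", "".join(sorted(allowed_perms(RULES, p))) or "(no access)")
```
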