[Bug 466315] Re: bind9 missed a dependency with apparmor-profiles
** Changed in: bind9 (Ubuntu) Status: New = Confirmed -- bind9 missed a dependency with apparmor-profiles https://bugs.launchpad.net/bugs/466315 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to bind9 in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 466315] Re: bind9 missed a dependency with apparmor-profiles
Thank you for taking the time to report this bug and helping to make Ubuntu better. To help fix the bug, please follow the instructions found in https://wiki.ubuntu.com/DebuggingApparmor. This will greatly help us in tracking down your problem. ** Changed in: bind9 (Ubuntu) Status: Confirmed = Incomplete ** Changed in: bind9 (Ubuntu) Assignee: (unassigned) = Jamie Strandboge (jdstrand) -- bind9 missed a dependency with apparmor-profiles https://bugs.launchpad.net/bugs/466315 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to bind9 in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
Re: [Bug 466315] Re: bind9 missed a dependency with apparmor-profiles
On 2009-11-03T22:53:27-, Jamie Strandboge ja...@ubuntu.com wrote: apparmor-profiles is in universe, and bind9 is in main, so bind9 cannot depend on apparmor-profiles. I see. This error is confusing because apparmor-profiles on 9.10 does not provide a profile for usr.sbin.named, and provides no abstractions. Yes, this is strange. % dlocate -S /etc/apparmor.d/usr.sbin.named bind9: /etc/apparmor.d/usr.sbin.named I did sudo aa-complain =named, sudo aptitude remove apparmor-profiles, stopped and started bind9, saw no complaints. Same after sudo aa-enforce =named, no problems, bind9 works. So this bug might be some kind of weirdness that happens when upgrading bind9. I did the jaunty-karmic upgrade via do-release-upgrade. I had bind9 1:9.5.1.dfsg.P2-1ubuntu0.1 on jaunty. Kenyon, can you attach a tarball of your /etc/apparmor.d/ directory? $ sudo tar -zcvf /tmp/466315.tar.gz /etc/apparmor.d Tarballs attached. One is with apparmor-profiles installed, one is after removing it. -- Kenyon Ralph ** Attachment added: etc-apparmor.d-with-apparmor-profiles.tar.gz http://launchpadlibrarian.net/35062090/etc-apparmor.d-with-apparmor-profiles.tar.gz ** Attachment added: etc-apparmor.d-without-apparmor-profiles.tar.gz http://launchpadlibrarian.net/35062091/etc-apparmor.d-without-apparmor-profiles.tar.gz ** Changed in: bind9 (Ubuntu) Status: Incomplete = Confirmed ** Summary changed: - bind9 missed a dependency with apparmor-profiles + bind9 jaunty to karmic upgrade causes initial apparmor audit with openssl.cnf, seems fixed by installing apparmor-profiles but not really -- bind9 jaunty to karmic upgrade causes initial apparmor audit with openssl.cnf, seems fixed by installing apparmor-profiles but not really https://bugs.launchpad.net/bugs/466315 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to bind9 in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 466315] Re: bind9 missed a dependency with apparmor-profiles
I was having the same problem, I then did as Kenyon suggested and it fixed the problem. Here is the tar file of the apparmor.d directory. ** Attachment added: contents of apparmor.d http://launchpadlibrarian.net/35062000/466315.tar.gz -- bind9 missed a dependency with apparmor-profiles https://bugs.launchpad.net/bugs/466315 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to bind9 in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 466315] Re: bind9 missed a dependency with apparmor-profiles
The problem is simply fixed by installing the apparmor-profiles package. So adding a dependency on that package would seem to be one way to fix this, as suggested in the original report. Bug #472472 has more details. Here is an example kern.log entry from my system before installing apparmor-profiles: Nov 3 02:53:39 voodoo kernel: [1140012.457778] type=1503 audit(1257245619.887:60): operation=inode_permission requested_mask=::r denied_mask=::r fsuid=112 name=/etc/ssl/openssl.cnf pid=20929 profile=/usr/sbin/named After installing the apparmor-profiles package, named works normally, with no apparmor complaints. ** Changed in: bind9 (Ubuntu) Status: Incomplete = Confirmed -- bind9 missed a dependency with apparmor-profiles https://bugs.launchpad.net/bugs/466315 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to bind9 in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 466315] Re: bind9 missed a dependency with apparmor-profiles
apparmor-profiles is in universe, and bind9 is in main, so bind9 cannot depend on apparmor-profiles. This error is confusing because apparmor-profiles on 9.10 does not provide a profile for usr.sbin.named, and provides no abstractions. Kenyon, can you attach a tarball of your /etc/apparmor.d/ directory? $ sudo tar -zcvf /tmp/466315.tar.gz /etc/apparmor.d ** Changed in: bind9 (Ubuntu) Status: Confirmed = Incomplete -- bind9 missed a dependency with apparmor-profiles https://bugs.launchpad.net/bugs/466315 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to bind9 in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs