[Bug 600106] [NEW] apparmor blocks journal creation for dnssec

Wed, 30 Jun 2010 00:56:04 -0700 

Public bug reported:

Binary package hint: bind9

Ubuntu 10.04 lucid lynx (x86), bind 9.7.0
When dnssec is operating with "auto-dnssec: maintain;", dnssec fails to work 
and the following appears in syslog:

Jun 30 03:04:03 ogodei named[29889]: zone robot.mbhs.edu/IN/public: 
reconfiguring zone keys
Jun 30 03:04:03 ogodei named[29889]: running
Jun 30 03:04:03 ogodei named[29889]: /etc/bind/external/db.robot.mbhs.edu.jnl: 
create: permission denied
Jun 30 03:04:03 ogodei named[29889]: zone robot.mbhs.edu/IN/public: 
zone_rekey:dns_journal_open -> unexpected error
Jun 30 03:04:03 ogodei kernel: [33711.144385] type=1503 
audit(1277881443.258:37):  operation="mknod" pid=29890 parent=1 
profile="/usr/sbin/named" requested_mask="c::" denied_mask="c::" fsuid=105 
ouid=105 name="/etc/bind/external/db.robot.mbhs.edu.jnl"
Jun 30 03:04:03 ogodei named[29889]: /etc/bind/external/db.robot.mbhs.edu.jnl: 
create: permission denied
Jun 30 03:04:03 ogodei named[29889]: zone robot.mbhs.edu/IN/public: 
zone_sign:dns_journal_open -> unexpected error
Jun 30 03:04:03 ogodei kernel: [33711.228123] type=1503 
audit(1277881443.342:38):  operation="mknod" pid=29890 parent=1 
profile="/usr/sbin/named" requested_mask="c::" denied_mask="c::" fsuid=105 
ouid=105 name="/etc/bind/external/db.robot.mbhs.edu.jnl"
Jun 30 03:04:03 ogodei named[29889]: /etc/bind/external/db.robot.mbhs.edu.jnl: 
create: permission denied
Jun 30 03:04:03 ogodei named[29889]: zone robot.mbhs.edu/IN/public: 
zone_sign:dns_journal_open -> unexpected error
Jun 30 03:04:03 ogodei kernel: [33711.314689] type=1503 
audit(1277881443.426:39):  operation="mknod" pid=29891 parent=1 
profile="/usr/sbin/named" requested_mask="c::" denied_mask="c::" fsuid=105 
ouid=105 name="/etc/bind/external/db.robot.mbhs.edu.jnl"
Jun 30 03:04:03 ogodei named[29889]: /etc/bind/external/db.robot.mbhs.edu.jnl: 
create: permission denied
Jun 30 03:04:03 ogodei kernel: [33711.399835] type=1503 
audit(1277881443.510:40):  operation="mknod" pid=29890 parent=1 
profile="/usr/sbin/named" requested_mask="c::" denied_mask="c::" fsuid=105 
ouid=105 name="/etc/bind/external/db.robot.mbhs.edu.jnl"
Jun 30 03:04:03 ogodei named[29889]: zone robot.mbhs.edu/IN/public: 
zone_sign:dns_journal_open -> unexpected error
Jun 30 03:04:03 ogodei named[29889]: /etc/bind/external/db.robot.mbhs.edu.jnl: 
create: permission denied
Jun 30 03:04:03 ogodei named[29889]: zone robot.mbhs.edu/IN/public: 
zone_sign:dns_journal_open -> unexpected error
Jun 30 03:04:03 ogodei kernel: [33711.485981] type=1503 
audit(1277881443.598:41):  operation="mknod" pid=29891 parent=1 
profile="/usr/sbin/named" requested_mask="c::" denied_mask="c::" fsuid=105 
ouid=105 name="/etc/bind/external/db.robot.mbhs.edu.jnl"


This is fixed by disabling apparmor for usr.sbin.named.

** Affects: bind9 (Ubuntu)
     Importance: Undecided
         Status: New

-- 
apparmor blocks journal creation for dnssec
https://bugs.launchpad.net/bugs/600106
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

Reply via email to