Public bug reported:

Binary package hint: apparmor

Easily reproducible.

1) Fresh minimal install of LTS 8.04 Hardy
2) Install bind9, verify that permissions ARE correct
3) Create the chroot (scroll down to the "DNS Server" section of http://www.howtoforge.com/perfect-server-ubuntu8.04-lts-p4 to copy/paste this setup easily)
3) Edit /etc/default/bind9, changing this line to this:

OPTIONS="-u bind -t /var/lib/named"

4) Try to start bind. It will complain thusly to syslog:

none:0: open: /etc/bind/named.conf: permission denied
loading configuration: permission denied
exiting (due to fatal error)

To make bind work:

/etc/init.d/apparmor stop
/etc/init.d/bind9 start

To make it fail:

/etc/init.d/apparmor stop
/etc/init.d/bind9 restart

Unable to find sufficient documentation on apparmor to discover a workaround; that would be satisfactory as well, though the next point release should make this behavior a default; for many years and for many reasons most servers have run bind in a chroot jail.

** Affects: apparmor (Ubuntu)
     Importance: Undecided
         Status: New

--
default apparmor setting prevents bind from running under chroot
https://bugs.launchpad.net/bugs/236510
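An added example, not part of the original report: one way to see which paths the AppArmor profile for named is refusing is to pull the denial records out of the kernel log and group them by path and permission. The log lines are constructed, and their field layout and the chroot-prefixed paths in them are assumptions modeled on the kernel's AppArmor audit records, not output from the reporter's machine.

```python
import re
from collections import defaultdict

# Constructed sample log lines (assumed format, not from the bug report):
# one older-style type=1503 record, newer apparmor="DENIED" records,
# a record for another profile, and a complain-mode ALLOWED record.
SAMPLE_LOG = """\
May 31 10:02:11 ns1 kernel: audit(1212228131.100:12): type=1503 operation="inode_permission" requested_mask="r::" denied_mask="r::" name="/var/lib/named/etc/bind/named.conf" pid=4321 profile="/usr/sbin/named" namespace="default"
May 31 10:02:11 ns1 kernel: audit: type=1400 audit(1212228131.200:13): apparmor="DENIED" operation="open" profile="/usr/sbin/named" name="/var/lib/named/var/cache/bind/db.example" pid=4321 comm="named" requested_mask="rw" denied_mask="w" fsuid=105 ouid=105
May 31 10:02:12 ns1 kernel: audit: type=1400 audit(1212228132.000:14): apparmor="DENIED" operation="open" profile="/usr/sbin/named" name="/var/lib/named/var/cache/bind/db.example" pid=4321 comm="named" requested_mask="r" denied_mask="r" fsuid=105 ouid=105
May 31 10:02:13 ns1 kernel: audit: type=1400 audit(1212228133.000:15): apparmor="DENIED" operation="open" profile="/usr/sbin/cupsd" name="/etc/shadow" pid=99 comm="cupsd" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
May 31 10:02:14 ns1 kernel: audit: type=1400 audit(1212228134.000:16): apparmor="ALLOWED" operation="open" profile="/usr/sbin/named" name="/tmp/x" pid=4321 comm="named" requested_mask="r" denied_mask="r" fsuid=105 ouid=105
"""

KV = re.compile(r'(\w+)="([^"]*)"')  # key="value" pairs in an audit record


def denied_paths(log_text, profile="/usr/sbin/named"):
    """Map each denied path to the union of permissions denied for it."""
    denied = defaultdict(set)
    for line in log_text.splitlines():
        fields = dict(KV.findall(line))
        if fields.get("profile") != profile:
            continue
        if "name" not in fields or "denied_mask" not in fields:
            continue
        # Newer records carry apparmor="DENIED"/"ALLOWED"; skip complain-mode
        # ALLOWED lines. Older records have no such key and count as denials.
        if fields.get("apparmor", "DENIED") != "DENIED":
            continue
        # Masks may look like "r::" or "rw"; keep only the permission letters.
        denied[fields["name"]].update(c for c in fields["denied_mask"] if c.isalpha())
    return {path: "".join(sorted(mask)) for path, mask in denied.items()}


def candidate_rules(denied):
    """Render denials as profile-style lines to review, not to apply blindly."""
    return [f"{path} {mask}," for path, mask in sorted(denied.items())]


if __name__ == "__main__":
    for rule in candidate_rules(denied_paths(SAMPLE_LOG)):
        print(rule)
```

Each printed line names a path the confined daemon was denied and with which permissions, which is the starting point for deciding what, if anything, the chroot setup should be granted in the profile.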