On 5/23/20 8:42 PM, 'smee via Dng wrote:
>
> The workaround mentioned in the bug report for is to add explicit
> permissions in /etc/apparmor.d/local/usr.sbin.named by adding a line to
> that file with the path to the problem file and the permissions. In
> this case rwk for read/write/lock. In my case I added this line:
>
> /var/log/misc.log rwk


[plain text this time..]

bug report link, was about /var/cache, not /var/log (?).. anyway, the
default apparmor profile has this :

# some people like to put logs in /var/log/named/ instead of having
# syslog do the heavy lifting.
/var/log/named/** rw,
/var/log/named/ rw,

some people following net guides/migrating from older versions, already
used /var/log/bind/ or /var/log/bind8 or /var/log/bind9, or other custom
log path. they all fail with default apparmor profile.. so, one could
add (eg.) :

/var/log/bind9/** rw,
/var/log/bind9/ rw,

and everything would work..

in your example, "k" is for file lock, not sure it's needed in this case (?)

2c.
d.