著者: Dimitris 日付: To: dng 題目: Re: [DNG] Beowulf, and Apparmor's effect on bind9
On 5/23/20 8:42 PM, 'smee via Dng wrote: >
> The workaround mentioned in the bug report for is to add explicit
> permissions in /etc/apparmor.d/local/usr.sbin.named by adding a line to
> that file with the path to the problem file and the permissions. In
> this case rwk for read/write/lock. In my case I added this line:
>
> /var/log/misc.log rwk
[plain text this time..]
bug report link, was about /var/cache, not /var/log (?).. anyway, the
default apparmor profile has this :
# some people like to put logs in /var/log/named/ instead of having
# syslog do the heavy lifting.
/var/log/named/** rw,
/var/log/named/ rw,
some people following net guides/migrating from older versions, already
used /var/log/bind/ or /var/log/bind8 or /var/log/bind9, or other custom
log path. they all fail with default apparmor profile.. so, one could
add (eg.) :
/var/log/bind9/** rw,
/var/log/bind9/ rw,
and everything would work..
in your example, "k" is for file lock, not sure it's needed in this case (?)