Author: 'smee Date: To: dng Subject: Re: [DNG] Beowulf, and Apparmor's effect on bind9
On Sat, 2020-05-23 at 21:08 +0300, Dimitris via Dng wrote: > bug report link, was about /var/cache, not /var/log (?).. anyway, the
>
> default apparmor profile has this :
>
>
>
> # some people like to put logs in /var/log/named/ instead of having
>
> # syslog do the heavy lifting.
>
> /var/log/named/** rw,
>
> /var/log/named/ rw,
yeah apparently same issue, different file.
ah interesting tip.
> some people following net guides/migrating from older versions, already > used /var/log/bind/ or /var/log/bind8 or /var/log/bind9, or other custom > log path.
makes sense
> they all fail with default apparmor profile.. so, one could
> add (eg.) : > /var/log/bind9/** rw,
> /var/log/bind9/ rw,
>
> and everything would work.. I see
> in your example, "k" is for file lock, not sure it's needed in this case (?)
yeah I'm not sure either, I went with it just on the recommendation of
the bug report, which of course is for a different file which is not a
log, so you're probably right, log files probably don't require a lock.
> 2c.