Your message dated Sat, 07 May 2022 07:49:42 +0000
with message-id <[email protected]>
and subject line Bug#1010517: fixed in unbound 1.15.0-9
has caused the Debian Bug report #1010517,
regarding unbound apparmor profile does not let the root.key write making
unbound fail to start
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1010517: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010517
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: unbound
Version: 1.15.0-8
Severity: normal
When enabling apparmor, unbound fails to start. From the dmesg:
audit: type=1400 audit(1651577812.219:369): apparmor="DENIED" \
operation="mknod" profile="/usr/sbin/unbound" \
name="/etc/unbound/var/lib/unbound/root.key.68281-0-55cf18ed18a0" \
pid=68281 comm="unbound" requested_mask="c" denied_mask="c" \
fsuid=930 ouid=930
from the unbound log:
unbound: [68281:0] fatal error: could not open autotrust file for writing, \
/var/lib/unbound/root.key.68281-0-55cf18ed18a0: Permission denied
There are 2 issues there: the wrong apparmor profile and the behavour
of unbound which makes this error to be fatal.
/mjt
--- End Message ---
--- Begin Message ---
Source: unbound
Source-Version: 1.15.0-9
Done: Michael Tokarev <[email protected]>
We believe that the bug you reported is fixed in the latest version of
unbound, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Michael Tokarev <[email protected]> (supplier of updated unbound package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Sat, 07 May 2022 10:34:09 +0300
Source: unbound
Architecture: source
Version: 1.15.0-9
Distribution: unstable
Urgency: medium
Maintainer: unbound packagers <[email protected]>
Changed-By: Michael Tokarev <[email protected]>
Closes: 1010517
Changes:
unbound (1.15.0-9) unstable; urgency=medium
.
* d/apparmor-profile: remove old /var/run/ alternatives for /run
* d/apparmor-profile: allow /etc/unbound/var/lib/unbound/ access too,
for chrooting to upstream-preferred /etc/unbound (Closes: #1010517)
* d/rules: stop explicitly exporting CFLAGS/LDFLAGS, dh_auto_* does this
automatically since dh-compat 9
* d/rules: do not enable --with-lto-server on kfreebsd (this fixes FTBFS)
It is a good candicate for an autoconf test.
* d/rules: add comments for --disable-lto, --with-libbsd
* d/tests/: add simple autopkgtest (verify www.debian.org record with DNSSEC)
Checksums-Sha1:
18126a1f91485be6bd0cf38131afa1d47006e6bc 2843 unbound_1.15.0-9.dsc
3af886669f9369c6b350e8e2b98af597329db901 28660 unbound_1.15.0-9.debian.tar.xz
03aab23e0efe3533d7e6d2c39ef9d53f422d5bea 7728 unbound_1.15.0-9_source.buildinfo
Checksums-Sha256:
fc1876878214744c26e02e5e2c42cd5bc46530298bb398dadc0514c38aab962e 2843
unbound_1.15.0-9.dsc
910ba0738f637cd4e5e047f4b2ea127a41233c68ee2eaf9ead23e1235db1a40d 28660
unbound_1.15.0-9.debian.tar.xz
6329474ab828d3f898f05b09e2056fad4091af0ed2e886556e834582077e342d 7728
unbound_1.15.0-9_source.buildinfo
Files:
36ecbea127afadcfd18abf65a8accdcc 2843 net optional unbound_1.15.0-9.dsc
ecff8299db3c076e5defad2befe2ef2a 28660 net optional
unbound_1.15.0-9.debian.tar.xz
d02fee435b27c05c9d6e40ac18cc3c0e 7728 net optional
unbound_1.15.0-9_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQFDBAEBCAAtFiEEe3O61ovnosKJMUsicBtPaxppPlkFAmJ2IT8PHG1qdEB0bHMu
bXNrLnJ1AAoJEHAbT2saaT5Z3XoIAKzceSnMzt85CEdI+OI9YjOgqnQPiYyZcLZL
s7sgZKcH/fot29xeXN0QrzMm0SKrzQH7lFrqrESpuCdWFfS9cfUyleGH8PRAG2vt
qRJbf6Xf/sdECd4EbG+ZiSOfllKsrfrNBrnqUyjEbHxYDLy0iLKzffBPTBnBU1un
OVFi279BsVvI6aDbt4Y1tlgHHxoNhI9fZ9FOP8RuPucNQklua2pb7JfMopywaLqE
97YpUTAN6S6RuTHPXZ1BW+xsf1MgkEw3pW8KMfF//xub8bUGHXJA6eCr/hu4fu41
ZinwqIZEs376rTQ3inLi259lv3K1R1Gpr6vQ/CniIgvh+qdoWHU=
=AFZw
-----END PGP SIGNATURE-----
--- End Message ---
