On 5/23/20 8:42 PM, 'smee via Dng wrote: > > The workaround mentioned in the bug report for is to add explicit > permissions in /etc/apparmor.d/local/usr.sbin.named by adding a line to > that file with the path to the problem file and the permissions. In > this case rwk for read/write/lock. In my case I added this line: > > /var/log/misc.log rwk
[plain text this time..] bug report link, was about /var/cache, not /var/log (?).. anyway, the default apparmor profile has this : # some people like to put logs in /var/log/named/ instead of having # syslog do the heavy lifting. /var/log/named/** rw, /var/log/named/ rw, some people following net guides/migrating from older versions, already used /var/log/bind/ or /var/log/bind8 or /var/log/bind9, or other custom log path. they all fail with default apparmor profile.. so, one could add (eg.) : /var/log/bind9/** rw, /var/log/bind9/ rw, and everything would work.. in your example, "k" is for file lock, not sure it's needed in this case (?) 2c. d.
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng