On Tuesday 03 July 2007 08:58, Fajar Priyanto wrote: > On Tuesday 03 July 2007 05:25, Fajar Priyanto wrote: > > Hello all, > > I installed zimbra on my Opensuse10.2. All was ok. Until I rebooted it, > > bind failed to start with this error: > > # rcnamed restart > > ..dead > > Shutting down name server BIND - Warning: named not running! done > > Starting name server BIND /usr/sbin/named: error while loading shared > > libraries: libldap-2.3.so.0: failed to map segment from shared object: > > Operation not permitted > > startproc: exit status of parent of /usr/sbin/named: 127 > > > > failed > > > > I've searched zimbra's forum and there's some guys with the same problem. > > The proposed solution is to uninstall bind and compile again from source. > > > > Have anyone encountered this? > > Thank you very much, > > After further testing, I found this in /var/log/audit/audit.log: > type=APPARMOR msg=audit(1183427817.684:13): REJECTING m access > to /opt/zimbra/lib/libldap-2.3.so.0.2.22 (named(7063) profile > /usr/sbin/named active /usr/sbin/named) > > What is it? Can I tell apparmor to allow it? Or should I turn off apparmor? > How?
Ah, finally! Apparmor is really interesting. I think it's similar to SELinux? But, with a much easier to manage. Ok, looks like by looking the audit.log, it says about bind is not allowed to "map" to zimbra's library. The solution is to allow it. To do it in apparmor, Yast > Apparmor> Edit profile > named > Add Entry > File > /opt/zimbra/lib/* > Save. Done! Suse is cool! :) -- Fajar Priyanto | Reg'd Linux User #327841 | Linux tutorial http://linux2.arinet.org 9:08am up 0:59, 2.6.18.2-34-default GNU/Linux Let's use OpenOffice. http://www.openoffice.org
pgpoN6VG4rrIc.pgp
Description: PGP signature
