Yeah, this GetDynamicUsers denial is probably unrelated and should/will
be addressed in another bug. Thanks for double checking the alias trick!
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1841364
I can confirm that the following commands fix the problem so Unbound
can start again:
echo 'alias / -> /upper/,' >> /etc/apparmor.d/tunables/alias
apparmor_parser -r -T -W /etc/apparmor.d/usr.sbin.unbound
I noticed that when it starts, another AppArmor-related error message is
logged:
[
That would be a change in apparmor to generally help the live system, and much
less an unbound specific issue.
Therefore I added a task for apparmor for the people triaging/fixing that to
take a look.
** Also affects: apparmor (Ubuntu)
Importance: Undecided
Status: New
--
I use the alias feature in reverse (doh!). That one did the trick:
# /etc/apparmor.d/tunables/alias
alias / -> /upper/,
--
** Tags removed: server-triage-discuss
--
Title:
AppArmor breaks the default Unbound installation in a live session
** Changed in: unbound (Ubuntu)
Importance: Undecided => Low
** Changed in: unbound (Ubuntu)
Status: Confirmed => Triaged
--
** Tags added: server-triage-discuss
--
That does not work, same error message when attempting to restart
unbound.
The apparmor_parser command results in the following being logged to the
system journal:
aug. 28 16:08:02 ubuntu audit[6536]: AVC apparmor="STATUS"
operation="profile_replace" info="same as current profile, skipping"
As root:
echo 'alias /upper/ -> /,' >> /etc/apparmor.d/tunables/alias
rm -f /etc/apparmor.d/force-complain/usr.sbin.unbound
apparmor_parser -r -T -W /etc/apparmor.d/usr.sbin.unbound
service unbound restart
Then you should hopefully see no more AppArmor denials.
--
Sure, I can test if you tell me how, ideally spoon-fed. Like I said, I
have no experience with AppArmor so I don't know how to install alias
rules.
By the way, I finished my blog post; of the six DNSSEC validators I
tested it was only Unbound that didn't work in the live environment (but
of
Would you mind testing the alias rule I suggested in comment #3? If it
works, it would in theory fix not only Unbound but every application
shipping with an AppArmor profile.
--
** Summary changed:
- AppArmor breaks the default Unbound installation
+ AppArmor breaks the default Unbound installation in a live session