For what it's worth, here is my /etc/apparmor.d/local/usr.sbin.named:
/var/bind9/chroot/etc/bind/** r,
/var/bind9/chroot/var/lib/bind/** rw,
/var/bind9/chroot/var/lib/bind/ rw,
/var/bind9/chroot/var/cache/bind/** rw,
/var/bind9/chroot/var/cache/bind/ rw,
poor decision. I have had to totally disable AppArmor until I figure out
the profiles.
--
default apparmor setting prevents bind from running under chroot
https://bugs.launchpad.net/bugs/236510
The AppArmor profile contains bind9 in a similar way that the
traditional chrooting does. There is no reason to chroot bind9 on Ubuntu
if you are using the AppArmor profile. The reason why the profile was
developed was so that all bind9 users would benefit from the enhanced
security of running