Yeah, this GetDynamicUsers denial is probably unrelated and should/will
be addressed in another bug. Thanks for double checking the alias trick!

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1841364

Title:
  AppArmor breaks the default Unbound installation in a live session

Status in apparmor package in Ubuntu:
  New
Status in unbound package in Ubuntu:
  Triaged

Bug description:
  Immediately after installing Unbound, it starts up normally. However,
  if you try to restart it afterwards (without changing anything), it
  fails with the following error message:

  Aug 25 10:41:26 ubuntu unbound[6650]: /etc/unbound/unbound.conf:10: error: cannot open include file '/etc/unbound/unbound.conf.d/*.conf': No such file or directory
  Aug 25 10:41:26 ubuntu unbound[6650]: read /etc/unbound/unbound.conf failed: 1 errors in configuration file
  Aug 25 10:41:26 ubuntu unbound[6650]: [1566729686] unbound[6650:0] fatal error: Could not read config file: /etc/unbound/unbound.conf. Maybe try unbound -dd, it stays on the commandline to see more errors, or unbound-checkconf

  There *are* files matching the above glob pattern, however:

  root@ubuntu:~# echo /etc/unbound/unbound.conf.d/*.conf
  /etc/unbound/unbound.conf.d/qname-minimisation.conf /etc/unbound/unbound.conf.d/root-auto-trust-anchor-file.conf

  unbound-checkconf, on the other hand, determines the configuration to
  be fine:

  root@ubuntu:~# unbound-checkconf 
  unbound-checkconf: no errors in /etc/unbound/unbound.conf

  In the kernel log I can see that AppArmor is the probable culprit:

  Aug 25 10:41:26 ubuntu kernel: audit: type=1400
  audit(1566729686.377:239): apparmor="DENIED" operation="open"
  profile="/usr/sbin/unbound" name="/upper/etc/unbound/unbound.conf.d/"
  pid=6650 comm="unbound" requested_mask="r" denied_mask="r" fsuid=0
  ouid=0

  Steps to reproduce:

  1. Download ubuntu-19.04-desktop-amd64.iso from https://ubuntu.com/download/desktop
  2. Boot the downloaded ISO file in a virtual machine
  3. Start gnome-terminal
  4. sudo -i
  5. apt-add-repository universe
  6. apt -y install unbound
  7. systemctl status unbound # verify that it is running
  8. systemctl restart unbound
  9. systemctl status unbound # verify that it failed to start
  10. journalctl -kn1 # display AppArmor error message

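A triage sketch for the two log excerpts in the bug description, added here as an example and not part of the original report or of any Ubuntu tooling: it parses the AppArmor audit record and compares the denied `name=` with the directory the unbound error message refers to, reporting any extra leading path component. The sample lines are constructed from the logs quoted above with the mail wrapping removed; the function names are hypothetical.

```python
import re
from pathlib import PurePosixPath

# Sample input constructed from the log lines quoted in the bug description.
AUDIT_LINE = (
    'Aug 25 10:41:26 ubuntu kernel: audit: type=1400 '
    'audit(1566729686.377:239): apparmor="DENIED" operation="open" '
    'profile="/usr/sbin/unbound" name="/upper/etc/unbound/unbound.conf.d/" '
    'pid=6650 comm="unbound" requested_mask="r" denied_mask="r" fsuid=0 ouid=0'
)
APP_ERROR = (
    "Aug 25 10:41:26 ubuntu unbound[6650]: /etc/unbound/unbound.conf:10: error: "
    "cannot open include file '/etc/unbound/unbound.conf.d/*.conf': "
    "No such file or directory"
)

FIELD_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

def parse_apparmor(line):
    """Return the key=value fields of an AppArmor DENIED record, else None."""
    fields = {m.group(1): m.group(2) if m.group(2) is not None else m.group(3)
              for m in FIELD_RE.finditer(line)}
    return fields if fields.get("apparmor") == "DENIED" else None

def path_prefix_mismatch(denied, expected):
    """'' if the paths are equal, the extra leading prefix if `denied`
    ends with `expected`, or None if the two paths are unrelated."""
    d = PurePosixPath(denied).parts[1:]
    e = PurePosixPath(expected).parts[1:]
    extra = len(d) - len(e)
    if extra < 0 or d[extra:] != e:
        return None
    return "/" + "/".join(d[:extra]) if extra else ""

def triage(audit_line, app_error):
    """Correlate one audit denial with the path the daemon failed to open."""
    rec = parse_apparmor(audit_line)
    m = re.search(r"cannot open include file '([^']+)'", app_error)
    if rec is None or m is None:
        return None
    expected_dir = str(PurePosixPath(m.group(1)).parent)  # drop the *.conf glob
    return {
        "profile": rec["profile"],
        "denied": rec["name"],
        "expected": expected_dir,
        "denied_mask": rec["denied_mask"],
        "extra_prefix": path_prefix_mismatch(rec["name"], expected_dir),
    }

if __name__ == "__main__":
    print(triage(AUDIT_LINE, APP_ERROR))
```

A non-empty `extra_prefix` means the kernel reported the file under a different path than the one the daemon asked for, so profile rules written for the requested path will not match the audited one.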