I understand why this isn't working on reboot-- I misread your comment. When you do this:

1. aa-complain
2. start bind
3. aa-enforce

bind is still running unconfined (you can see this with 'aa-status'). If you were to stop then start bind, the enforcing profile would be in effect, and therefore bind won't start. This is also what is happening on reboot.

The question then becomes how do you adjust the enforcing profile to work correctly within your environment. This doesn't seem like a bug, but rather a configuration problem. Let's start over:

1. after a reboot (and therefore the failed bind9 start), please attach the output of:
   $ sudo apparmor_parser -p /etc/apparmor.d/usr.sbin.named
2. please attach your kern.log

--
https://bugs.launchpad.net/bugs/665264
Title: bind chroot not allowed
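The situation described in the comment above (an enforcing profile is loaded, but the already-running daemon is not under it) can be checked per process. This is an added example, not part of the original message or of AppArmor's tooling; the function names are hypothetical, the sample data is constructed, and it assumes the kernel exposes the label in /proc/PID/attr/current and the loaded profiles in /sys/kernel/security/apparmor/profiles.

```shell
#!/bin/sh
# mode_of LABEL -> unconfined | enforce | complain | unknown
# LABEL has the form found in /proc/PID/attr/current, e.g. "/usr/sbin/named (enforce)".
mode_of() {
    case "$1" in
        unconfined)     echo unconfined ;;
        *" (enforce)")  echo enforce ;;
        *" (complain)") echo complain ;;
        *)              echo unknown ;;
    esac
}

# loaded_mode PROFILE PROFILES_TEXT -> mode of PROFILE in the loaded-profile
# list (one "name (mode)" entry per line), or "absent" if it is not loaded.
loaded_mode() {
    line=$(printf '%s\n' "$2" | grep -F -x -e "$1 (enforce)" -e "$1 (complain)" | head -n 1)
    if [ -z "$line" ]; then echo absent; else mode_of "$line"; fi
}

# check_confinement LABEL PROFILE PROFILES_TEXT
# Returns 0 only when the process label is PROFILE in enforce mode.
check_confinement() {
    label=$1
    profile=$2
    loaded=$(loaded_mode "$profile" "$3")
    if [ "$label" = "$profile (enforce)" ]; then
        echo "confined: $label"
        return 0
    fi
    if [ "$loaded" = enforce ]; then
        echo "gap: profile is enforcing but process label is '$label'; restart the process so the profile attaches"
    else
        echo "not enforced: process label '$label', loaded profile mode '$loaded'"
    fi
    return 1
}

if [ "$#" -eq 2 ]; then
    # Live use, as root: ./check.sh PID /usr/sbin/named
    check_confinement "$(cat "/proc/$1/attr/current")" "$2" \
        "$(cat /sys/kernel/security/apparmor/profiles)"
else
    # Constructed sample: profile loaded in enforce mode, daemon started before it.
    check_confinement unconfined /usr/sbin/named "/usr/sbin/named (enforce)" || true
fi
```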