I was trying to follow your case, but hit even more:
[2794286.784575] apparmor="DENIED" operation="sendmsg"
profile="/usr/sbin/unbound" name="/run/systemd/notify" pid=4938 comm="unbound"
requested_mask="w" denied_mask="w" fsuid=118 ouid=0
[2794367.925181] apparmor="DENIED" operation="open" profile="/usr/sbin/unbound"
name="/var/lib/sss/mc/initgroups" pid=5111 comm="unbound" requested_mask="r"
denied_mask="r" fsuid=0 ouid=0
That would need:
With that in place I added /etc/unbound/unbound.conf.d/rc.conf as in the report
I didn't trigger the mentioned denies, but then maybe one would have to setup
unbound a bit more to do so.
If you can share the steps needed to trigger in addition to said config file.
Also if anyone does an upload later I think fixing the two extra rules I
outlined should be grouped with the fix.
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
unbound-control local socket broken by apparmor
To manage notifications about this bug go to:
ubuntu-bugs mailing list