> -----Original Message----- > From: Serge Hallyn [mailto:[email protected]] > > Interesting - could you run that in 'strace -f' so we can see exactly what > fails? > The profile sure seems to be granting CAP_CHROOT... > > I'd recommend opening a bug so the apparmor folks see it. > > thanks, > -serge
Here you go, Serge -- Thanks for looking at it. After you have a chance, let me know if you still think it needs an apparmor bug. FWIW, if I do: service apparmor restart; complain /usr/sbin/named ; enforce /usr/sbin/named ; service bind9 start then bind9 starts. If I do the apparmor reststart and the bind9 start without the complain/enforce loop then it fails. Thanks again, Aaron
strace.out
Description: strace.out
-- ubuntu-server mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-server More info: https://wiki.ubuntu.com/ServerTeam
