How to allow bind in AppArmor?
Solution 1:
[ 5909.432759] type=1400 audit(1344103797.021:146): apparmor="DENIED" operation="open" parent=8800 profile="/usr/sbin/named" name="/var/log/query.log" pid=8805 comm="named" requested_mask="ac" denied_mask="ac" fsuid=107 ouid=0
That’s because named isn’t allowed to write to the file /var/log/query.log. To solve this issue, open the local include for the AppArmor profile of named (/etc/apparmor.d/local/usr.sbin.named) and add this line:
/var/log/query.log rw,
Then run
sudo apparmor_parser -r /etc/apparmor.d/usr.sbin.named
to reload the profile.
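
As an added example (not part of the original answer, and not AppArmor's own tooling), the following Python sketch reads a DENIED record like the one above and derives the local include file and the narrowest file rule that covers the denied mask. It goes slightly beyond the single case shown by also decoding hex-encoded names. The function names are hypothetical, and the include path assumes the profile is named after the binary's path, as in the answer.

```python
import re

# Constructed input: the denial record quoted in the answer above.
SAMPLE = (
    '[ 5909.432759] type=1400 audit(1344103797.021:146): apparmor="DENIED" '
    'operation="open" parent=8800 profile="/usr/sbin/named" name="/var/log/query.log" '
    'pid=8805 comm="named" requested_mask="ac" denied_mask="ac" fsuid=107 ouid=0'
)

FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')
ORDER = "rwaklm"  # file permissions in the order they are written in a rule

def parse_denial(line):
    """Return the key=value fields of a DENIED record, or None for other lines."""
    fields = {}
    for key, quoted, bare in FIELD.findall(line):
        if key in ("name", "profile") and re.fullmatch(r"(?:[0-9A-Fa-f]{2})+", bare):
            # audit hex-encodes values containing spaces or control characters
            bare = bytes.fromhex(bare).decode("utf-8", "replace")
        fields[key] = quoted or bare
    return fields if fields.get("apparmor") == "DENIED" else None

def mask_to_perms(mask):
    """Translate a log mask (r w a c d k l m) into profile permissions."""
    perms = set()
    for ch in mask:
        if ch in "cd":        # create/delete are granted by 'w' in a profile
            perms.add("w")
        elif ch in ORDER:
            perms.add(ch)
        else:                 # e.g. 'x' needs an explicit exec transition mode
            raise ValueError(f"mask {ch!r} needs a hand-written rule")
    if "w" in perms:
        perms.discard("a")    # 'a' and 'w' conflict; 'w' already covers append
    return "".join(p for p in ORDER if p in perms)

def suggest_rule(line):
    """Return (local include path, rule) for a file denial, or None."""
    f = parse_denial(line)
    if not f or not {"profile", "name", "denied_mask"} <= f.keys():
        return None
    path = f'"{f["name"]}"' if re.search(r"\s", f["name"]) else f["name"]
    # Assumption: include file is the profile path with '/' replaced by '.'
    include = "/etc/apparmor.d/local/" + f["profile"].lstrip("/").replace("/", ".")
    return include, f"{path} {mask_to_perms(f['denied_mask'])},"

if __name__ == "__main__":
    print(suggest_rule(SAMPLE))
```

For the record above, the denied mask "ac" (append, create) maps to a `w` rule on /var/log/query.log; review any suggested rule before adding it to the include file and reloading the profile.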