On 29/06/2023 14:13, Daniel Armando Rodriguez via bind-users wrote:

[snip]

Error is not the same as before, I see it now (fresh eyes maybe)

Jun 29 08:42:37 web kernel: [5679658.761672] audit: type=1400 audit(1688038957.685:548): apparmor="DENIED" operation="mknod" profile="named" name="/etc/bind/zonas/db.unau.edu.ar.jbk" pid=1350974 comm="isc-net-0001" requested_mask="c" denied_mask="c" fsuid=107 ouid=107

[snip]

So, shouldn't that write attempt happen in /var/cache/bind?

When BIND signs a zone, it keeps a copy of the signed zone next to the original zone file, by creating a .signed file. Along with that it also creates a couple of other files, for journaling and keeping state.

In your case, BIND will try to create those in /etc/bind/zonas, and apparmor is denying it.

Move your zone files into /var/cache/bind, which is a better place to keep zone files, and not /etc/bind (this should be for BIND's configuration, not for zone files).

Regards,
Anand
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from 
this list

ISC funds the development of this software with paid support subscriptions. 
Contact us at https://www.isc.org/contact/ for more information.
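An added example, not part of the original message: a small Python parser for the AppArmor denial quoted above, reporting which directory the profile blocked a file creation in and whether that directory is an expected writable one. The function names and the `WRITABLE_DIRS` list are assumptions for illustration; `/var/cache/bind` is taken from the advice in the reply.

```python
import re
from pathlib import PurePosixPath

# Log line copied from the message above.
SAMPLE = ('Jun 29 08:42:37 web kernel: [5679658.761672] audit: type=1400 '
          'audit(1688038957.685:548): apparmor="DENIED" operation="mknod" '
          'profile="named" name="/etc/bind/zonas/db.unau.edu.ar.jbk" '
          'pid=1350974 comm="isc-net-0001" requested_mask="c" '
          'denied_mask="c" fsuid=107 ouid=107')

# Assumption: directories where named is expected to create files.
WRITABLE_DIRS = ("/var/cache/bind",)

FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

def parse_audit(line):
    """Return the key=value fields of an AppArmor audit line, or None."""
    if 'apparmor="' not in line:
        return None
    fields = {}
    for key, quoted, bare in FIELD.findall(line):
        value = quoted or bare
        # The audit subsystem hex-encodes names containing unsafe characters
        # and then writes them without quotes.
        if key == "name" and bare:
            try:
                value = bytes.fromhex(bare).decode("utf-8", "replace")
            except ValueError:
                pass
        fields[key] = value
    return fields

def check_denial(line, writable_dirs=WRITABLE_DIRS):
    """Summarise a DENIED event; None for any other kind of line."""
    f = parse_audit(line)
    if not f or f.get("apparmor") != "DENIED":
        return None
    path = PurePosixPath(f.get("name", ""))
    inside = any(PurePosixPath(d) in path.parents for d in writable_dirs)
    return {"profile": f.get("profile"), "operation": f.get("operation"),
            "path": str(path), "directory": str(path.parent),
            "creates_file": "c" in f.get("denied_mask", ""),
            "in_writable_dir": inside}

if __name__ == "__main__":
    print(check_denial(SAMPLE))
```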

