On Sat, Mar 15, 2025 at 5:25 PM Danjel Jungersen via bind-users
<bind-users@lists.isc.org> wrote:
>
> Apparmor was also mentioned, I have no experience with that, and have not 
> changed it in any way (to my knowledge)...

On my machine,

$ journalctl -l | grep apparmor | grep bind |more

shows many lines like

Dec 14 08:00:12 spot audit[922]: AVC apparmor="DENIED"
operation="mknod" profile="named" name="/etc/bind/db.10.10.2.jbk"
pid=922 comm="isc-net-0002" requested_mask="c" denied_mask="c"
fsuid=116 ouid=116
Dec 14 08:00:12 spot audit[922]: AVC apparmor="DENIED"
operation="mknod" profile="named" name="/etc/bind/db.home.net.jbk"
pid=922 comm="isc-net-0003" requested_mask="c" denied_mask="c"
fsuid=116 ouid=116

/etc/apparmor.d/usr.sbin.named on my machine has

  # /etc/bind should be read-only for bind

and I'm clearly violating that assumption :(
Rather than fix my bind config I fixed the apparmor config.  If you go
that way remember to do

  /etc/init.d/apparmor restart

to have the new apparmor rules take effect.

Regards,
Lee
-- 
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from 
this list

ISC funds the development of this software with paid support subscriptions. 
Contact us at https://www.isc.org/contact/ for more information.
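
An added example, not part of the message above and not code from BIND or AppArmor: a Python summary of AppArmor denials like the ones quoted, grouped by directory and denied permission, so it is clear which path the `named` profile is refusing and for what kind of access. The log layout is taken from the quoted lines; the mask-letter meanings and the last two sample records are assumptions made for illustration.

```python
import re
from collections import Counter
from pathlib import PurePosixPath

# Constructed sample: the first two records mirror the denials quoted in the
# message (wrapped as in the mail); the last two are invented for illustration.
SAMPLE = """\
Dec 14 08:00:12 spot audit[922]: AVC apparmor="DENIED"
operation="mknod" profile="named" name="/etc/bind/db.10.10.2.jbk"
pid=922 comm="isc-net-0002" requested_mask="c" denied_mask="c"
fsuid=116 ouid=116
Dec 14 08:00:12 spot audit[922]: AVC apparmor="DENIED"
operation="mknod" profile="named" name="/etc/bind/db.home.net.jbk"
pid=922 comm="isc-net-0003" requested_mask="c" denied_mask="c"
fsuid=116 ouid=116
Dec 14 08:05:40 spot audit[922]: AVC apparmor="DENIED"
operation="open" profile="named" name="/etc/bind/db.home.net.jnl"
pid=922 comm="isc-net-0001" requested_mask="wc" denied_mask="wc"
fsuid=116 ouid=116
Dec 14 08:06:01 spot audit[1200]: AVC apparmor="ALLOWED" operation="open" profile="other" name="/tmp/x" pid=1200 comm="x" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
"""

FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')
# Assumed meanings of the AppArmor audit mask letters.
MASK = {"r": "read", "w": "write", "a": "append", "c": "create",
        "d": "delete", "x": "execute", "k": "lock", "l": "link"}

def parse_denials(text):
    """Return one dict of key=value fields per DENIED AVC record."""
    flat = " ".join(text.splitlines())  # undo mail/terminal line wrapping
    records = []
    for chunk in flat.split("AVC ")[1:]:
        fields = {k: q or u for k, q, u in FIELD.findall(chunk)}
        if fields.get("apparmor") == "DENIED":
            records.append(fields)
    return records

def summarize(text, profile="named"):
    """Count denials per (directory, denied permissions) for one profile."""
    summary = Counter()
    for rec in parse_denials(text):
        if rec.get("profile") != profile or "name" not in rec:
            continue
        directory = str(PurePosixPath(rec["name"]).parent)
        perms = tuple(sorted(MASK.get(c, c) for c in rec.get("denied_mask", "")))
        summary[(directory, perms)] += 1
    return summary

if __name__ == "__main__":
    for (directory, perms), n in summarize(SAMPLE).most_common():
        print(f"{n:3d}  {directory}  denied: {', '.join(perms)}")
```
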

