On 2019-05-14 21:50 -0700, Ross Boylan wrote:

> I have a new buster system with a bind setup based on (much) older*
> systems, on which it worked fine. On buster, it doesn't.
> In two different places in my configuration I referred to files or
> directories that were outside of bind proper, and in both cases this
> failed with permission problems.
> I'm pretty sure bind is running under systemd, and have seen various
> references to systemd limiting access to the file system. However, I
> don't see anything that appears to be requesting such limits for
> bind9, or in general. /var is a different partition from /, and I
> configured bind to run as an ordinary user.
>
> Any ideas what's going on, or what I can do to fix it?

Most likely this has nothing to do with systemd, rather it's apparmor
which denies access to /run/named/named.resolvers.

> // RB modified resolv.conf with custom
> /etc/resolvconf/update.d/bind9 to create this file.
> //include "/run/named/named.resolvers";
> /* Error was
> May 11 12:46:27 barley named[15935]: loading configuration from
> '/etc/bind/named.conf'
> May 11 12:46:27 barley named[15935]: /etc/bind/named.conf.options:18:
> open: /run/named/named.resolvers: permission denied

The question is why your /etc/bind/named.conf.options file tries to
open /run/named/named.resolvers. Certainly this is not done by
default, and you probably want to fix that.

Cheers,
Sven
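
One way to check the AppArmor explanation given in the reply above, added here as an example and not part of the original thread: scan the kernel audit records for DENIED entries belonging to `named` and match them against the path from the error message. The log lines are constructed samples, and the profile name `/usr/sbin/named`, the `fsuid` value and the function names are assumptions.

```python
import re

# Constructed sample log lines (not from the original thread): one AppArmor
# denial as the kernel audit subsystem logs it, named's own error, and noise.
SAMPLE_LOG = """\
May 11 12:46:27 barley kernel: [ 1234.567890] audit: type=1400 audit(1557603987.101:42): apparmor="DENIED" operation="open" profile="/usr/sbin/named" name="/run/named/named.resolvers" pid=15935 comm="named" requested_mask="r" denied_mask="r" fsuid=1001 ouid=0
May 11 12:46:27 barley named[15935]: /etc/bind/named.conf.options:18: open: /run/named/named.resolvers: permission denied
May 11 12:47:02 barley kernel: [ 1269.000001] audit: type=1400 audit(1557604022.555:43): apparmor="ALLOWED" operation="open" profile="/usr/sbin/cupsd" name="/etc/hosts" pid=800 comm="cupsd" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
"""

# key="quoted value" or key=bare_value, as used in audit records.
FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

def parse_apparmor(line):
    """Return the key=value fields of an AppArmor audit record, or None."""
    if "apparmor=" not in line:
        return None
    return {key: quoted if quoted else bare
            for key, quoted, bare in FIELD.findall(line)}

def denials_for(log_text, comm):
    """AppArmor DENIED records for one process name, as (profile, path, mask)."""
    found = []
    for line in log_text.splitlines():
        rec = parse_apparmor(line)
        if rec and rec.get("apparmor") == "DENIED" and rec.get("comm") == comm:
            found.append((rec.get("profile"), rec.get("name"),
                          rec.get("denied_mask")))
    return found

def explain(log_text, comm, path):
    """Say whether a 'permission denied' on path is explained by AppArmor."""
    for profile, name, mask in denials_for(log_text, comm):
        if name == path:
            return f"AppArmor profile {profile} denied '{mask}' on {path}"
    # No matching record: the failure is more likely ordinary file permissions.
    return f"no AppArmor denial logged for {path}; check ownership and mode bits"

if __name__ == "__main__":
    print(explain(SAMPLE_LOG, "named", "/run/named/named.resolvers"))
```

On a real system the input would be the kernel log (for example the output of `journalctl -k`) rather than the embedded sample.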