On Wed, May 15, 2019 at 10:39 AM Sven Joachim <svenj...@gmx.de> wrote:
....
> I am not really familiar with apparmor or resolvconf, but in
> /etc/apparmor.d/usr.sbin.named I found the following:
>
> ,----
> | # support for resolvconf
> | /{,var/}run/named/named.options r,
> `----
>
> which suggests that the standard way would be to use
> /run/named/named.options rather than /run/named/named.resolvers.
> Alternatively, you may put the following line into
> /etc/apparmor.d/local/usr.sbin.named:
>
> /{,var/}run/named/named.resolvers r,

Yep. Not only that, but just below that is

# some people like to put logs in /var/log/named/ instead of having
# syslog do the heavy lifting.
/var/log/named/** rw,
/var/log/named/ rw,

so if I switch my logs to there (and rename the directory), instead of
/var/log/bind, the logging should work too. Or I could add apparmor
entries for /var/log/bind.

I'm still trying to figure out what, if anything, is necessary for
revised apparmor settings to take effect.

Thanks.
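
Added example, not part of the original messages: a simplified Python model of AppArmor path-glob matching, run over the rules quoted in this thread to show which of the discussed paths they cover. It handles only {a,b}, *, ** and ? (no character classes), and the query.log file names are constructed.

```python
import re

def glob_to_regex(glob):
    """Translate an AppArmor path glob into a compiled regex (simplified model)."""
    out, i, depth = [], 0, 0
    while i < len(glob):
        if glob.startswith("**", i):
            out.append(".*")           # ** may cross directory separators
            i += 2
            continue
        c = glob[i]
        if c == "*":
            out.append("[^/]*")        # * stays inside one path component
        elif c == "?":
            out.append("[^/]")
        elif c == "{":
            out.append("(?:")
            depth += 1
        elif c == "}" and depth:
            out.append(")")
            depth -= 1
        elif c == "," and depth:
            out.append("|")            # alternative separator inside {...}
        else:
            out.append(re.escape(c))
        i += 1
    return re.compile("".join(out))

def parse_rules(text):
    """Return (regex, permission set) for each 'path perms,' line; skip comments."""
    rules = []
    for line in text.splitlines():
        line = line.strip().rstrip(",")
        if not line or line.startswith("#"):
            continue
        path, perms = line.rsplit(None, 1)
        rules.append((glob_to_regex(path), set(perms)))
    return rules

def allowed(rules, path, perm):
    """True if any rule matches the whole path and grants the permission."""
    return any(rx.fullmatch(path) and perm in perms for rx, perms in rules)

# Rules quoted in the thread from /etc/apparmor.d/usr.sbin.named
STOCK = "/{,var/}run/named/named.options r,\n/var/log/named/** rw,\n/var/log/named/ rw,\n"
# Line suggested in the thread for /etc/apparmor.d/local/usr.sbin.named
LOCAL = "/{,var/}run/named/named.resolvers r,\n"

if __name__ == "__main__":
    for p, m in [("/run/named/named.resolvers", "r"), ("/var/log/bind/query.log", "w")]:
        print(p, m, allowed(parse_rules(STOCK), p, m), allowed(parse_rules(STOCK + LOCAL), p, m))
```

The model covers rule matching only; the kernel enforces the profile as it was last loaded, so edited rules apply once the profile is reloaded, for example with apparmor_parser -r /etc/apparmor.d/usr.sbin.named.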