Hello list, This issue has a workaround that works fine but I want to throw this info out there in case it's useful to anyone else or to the devs.
I've got a couple dns servers that I installed initially with ascii. After upgrading to Beowulf, bind9 wouldn't start any more. Turned out to be a permissions issue that is actually an apparmor issue which is outlined in this debian bug report. https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922065 Apparmor denies permissions to necessary bind9 files. In my case it's var/log/misc.log that is the problem file consistently. The bug report says the next version of bind9 should contain the fix. I don't know if they mean next major release or what. The bug at debian was reported for bind9 version 1:9.11.5.P1+dfsg-2 and I'm on 1:9.11.5.P4+dfsg-5.1, which is the latest in the default beowulf repo's. Apparmor was installed during the upgrade to Boewulf, it wasn't present in my ascii install. The specific error I had in syslog was: May 23 10:30:00 155 named[2523]: starting BIND 9.11.5-P4-5.1+deb10u1- Debian (Extended Support Version) <id:998753 /permission denied ...skipping May 23 10:30:00 155 named[2523]: isc_stdio_open '/var/log/misc.log' failed: permission denied May 23 10:30:00 155 named[2523]: configuring logging: permission denied May 23 10:30:00 155 kernel: [35015.975714] audit: type=1400 audit(1590251400.612:13): apparmor="DENIED" operation ="open" profile="/usr/sbin/named" name="/var/log/misc.log" pid=2523 comm="isc-worker0000" requested_mask="ac" den ied_mask="ac" fsuid=107 ouid=107 May 23 10:30:00 155 named[2523]: loading configuration: permission denied May 23 10:30:00 155 named[2523]: exiting (due to fatal error) The workaround mentioned in the bug report for is to add explicit permissions in /etc/apparmor.d/local/usr.sbin.named by adding a line to that file with the path to the problem file and the permissions. In this case rwk for read/write/lock. In my case I added this line: /var/log/misc.log rwk Anyway, hope this info's helpful. Let me know if I can be further help. _______________________________________________ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
