The AppArmor profile contains bind9 in a similar way to
traditional chrooting. There is no reason to chroot bind9 on Ubuntu
if you are using the AppArmor profile. The reason why the profile was
developed was so that all bind9 users would benefit from the enhanced
security of running bind9 under confinement, and not require users to
have to diverge from the standard installation and use chroot.

Users are welcome to use traditional chrooting if they prefer, and need only 
disable the apparmor profile by performing:
$ sudo apparmor_parser -R /etc/apparmor.d/usr.sbin.named
$ sudo ln -s /etc/apparmor.d/usr.sbin.named /etc/apparmor.d/disable/usr.sbin.named

The first unloads the profile from the kernel, and the second disables
the profile on boot.

** Package changed: apparmor (Ubuntu) => bind9 (Ubuntu)

** Tags added: apparmor

** Changed in: bind9 (Ubuntu)
       Status: New => Won't Fix

-- 
default apparmor setting prevents bind from running under chroot
https://bugs.launchpad.net/bugs/236510
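
Added example, not part of the original message: the two commands above change two independent states (loaded in the running kernel, disabled at boot), so a check that reports both catches the case where only one of them was run. The function name, the profile name /usr/sbin/named and the "name (mode)" format of the kernel profile list are assumptions; the fixture is constructed.

```shell
#!/bin/sh
# Added example (not from the original message).
# profile_state NAME PROFILES_FILE DISABLE_DIR BASENAME
# Prints "<runtime>,<boot>":
#   runtime = mode from the kernel profile list (enforce, complain, ...)
#             or "unloaded" if NAME is not listed or the list is unreadable
#   boot    = "disabled" if DISABLE_DIR/BASENAME exists, else "enabled"
profile_state() {
    name=$1 profiles=$2 disable_dir=$3 base=$4
    runtime=unloaded
    if [ -r "$profiles" ]; then
        # Assumed list format: "<profile name> (<mode>)", one per line.
        # Compare the whole name so /usr/sbin/named does not match
        # /usr/sbin/named-checkconf.
        mode=$(awk -v n="$name" '
            { line = $0; sub(/ \([a-z]+\)$/, "", line) }
            line == n { m = $NF; gsub(/[()]/, "", m); print m; exit }
        ' "$profiles")
        if [ -n "$mode" ]; then runtime=$mode; fi
    fi
    boot=enabled
    # -L also catches a dangling symlink, which still disables the profile.
    if [ -e "$disable_dir/$base" ] || [ -L "$disable_dir/$base" ]; then
        boot=disabled
    fi
    printf '%s,%s\n' "$runtime" "$boot"
}

# Constructed fixture: only the second command was run, so the profile is
# disabled for the next boot but still enforced in the running kernel.
demo=$(mktemp -d)
printf '%s\n' '/usr/sbin/named (enforce)' '/usr/sbin/ntpd (complain)' \
    > "$demo/profiles"
mkdir "$demo/disable"
ln -s /etc/apparmor.d/usr.sbin.named "$demo/disable/usr.sbin.named"
profile_state /usr/sbin/named "$demo/profiles" "$demo/disable" usr.sbin.named
rm -rf "$demo"
```

On a live system the arguments would be /sys/kernel/security/apparmor/profiles (readable by root) and /etc/apparmor.d/disable; a result of unloaded,disabled means both commands took effect.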