People who are chrooting bind should definitely have a bit of
administration knowledge.  People who just blindly follow some tutorial
without knowing what's really going on might run into problems with
apparmor.  But it's questionable whether those people really should
fiddle about with bind then.

Apparmor is a security container; if you whitelist everything, you are
subverting its purpose.  Ubuntu provides a setup that somewhat works with the
default settings of daemons (far from perfect though).  If you change the
settings for a daemon, you're responsible for updating the apparmor
configuration too.  I doubt that your bind-chroot settings for apparmor would
work for my bind-chroot.

A bind chroot isn't the only thing that requires manual apparmor configuration
by the way.  Other examples are mysql chroots, mysql installations with
non-standard data-dirs, ...   There's just no way that the default Ubuntu
apparmor configuration can handle all of them.

-- 
default apparmor setting prevents bind from running under chroot
https://bugs.launchpad.net/bugs/236510