Package: unbound Version: 1.6.4-1 With the new systemd service using Type=notify, the Apparmor profile needs to be adjusted to make sd_notify work as intended. Please find a patch that does that.
Regards, Simon
commit 5e259e3a20f1efb886c6f69aca7723275e46a60b
Author: Simon Deziel <si...@sdeziel.info>
Date: Tue Jul 4 04:19:42 2017 +0000
apparmor: permit unbound to notify readiness to systemd
diff --git a/debian/apparmor-profile b/debian/apparmor-profile
index 624341c..7d5ad69 100644
--- a/debian/apparmor-profile
+++ b/debian/apparmor-profile
@@ -7,7 +7,7 @@
#include <abstractions/nameservice>
#include <abstractions/openssl>
- # needlessly chown'ing the PID
+ # needlessly chown'ing the PID/control socket
deny capability chown,
capability net_bind_service,
@@ -36,6 +36,7 @@
/usr/sbin/unbound mr,
+ /{,var/}run/systemd/notify w,
/{,var/}run/{unbound/,}unbound.pid rw,
# Unix control socket
signature.asc
Description: OpenPGP digital signature
