Am 22.12.2017 um 16:51 schrieb Noury:

Hello Noury,

thanks for your report.

> When starting bind9, I have error messages and bind doesn't start> Other 
> packages are unusable because they need it (ex exim4 as it's my MTA)
> Dec 22 16:28:39 colibri named[26358]: isc_stdio_open '/var/log/bind.log' 
> failed: permission denied
> Dec 22 16:28:39 colibri named[26358]: isc_stdio_open '/var/log/bind.log' 
> failed: permission denied
> Dec 22 16:28:39 colibri named[26358]: configuring logging: permission denied
[...]
> Dec 22 16:28:39 colibri kernel: [288377.634631] audit: type=1400 
> audit(1513956519.915:16): apparmor="DENIED" operation="mknod" 
> profile="/usr/sbin/named" name="/var/log/bind.log" pid=26358 
> comm="isc-worker0000" requested_mask="c" denied_mask="c" fsuid=110 ouid=110
> Dec 22 16:28:39 colibri systemd[1]: bind9.service: Main process exited, 
> code=exited, status=1/FAILURE
> Dec 22 16:28:39 colibri systemd[1]: bind9.service: Failed with result 
> 'exit-code'.

named does not log to /var/log/bind.log by default, is this somewhere in
your configuration ("grep /var/log/bind.log /etc/bind/*")? AppArmor
policy for named forbids writing logfiles except for /var/log/named/

  # some people like to put logs in /var/log/named/ instead of having
  # syslog do the heavy lifting.
  /var/log/named/** rw,
  /var/log/named/ rw,

Please check the AppArmor documentation in the Debian Wiki
(https://wiki.debian.org/AppArmor) on how to allow custom paths in the
AppArmor profile.

Bernhard

Reply via email to