On 11.02.19 at 23:32, Paul van der Vlis wrote:

Hi Paul,

please keep the Bug CCed...

>>> I upgraded from Debian9 to Debian10 (testing). After this, bind did not
>>> start. Syslog says it's AppArmor (see syslog below).
>>>
>>> A workaround is "aa-complain /usr/sbin/named".
>>> You need the package apparmor-utils for that.
>>
>> Are you using "allow-new-zones" in your bind configuration?
>
> Yes.
>
>> Does adding
>>
>> /var/cache/bind/_default.nzd.lock rwk,
>
> With " rwk," at the end?

Yes, that means "read write lock", which according to the log you showed
was the denied operation.

> When I do "aa-enforce /usr/sbin/named", then I cannot start Bind9 anymore.

Please show the aa denials from your syslog in this case.

I'll try to reproduce ASAP as well.

Bernhard
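
An added example (not part of the original mail, and not Debian's or AppArmor's own tooling): one way to turn the AppArmor denials requested above into candidate profile rules such as the `rwk` line discussed in the thread. The syslog lines are constructed for illustration, and the function name `denied_rules` is hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample syslog lines (NOT taken from the bug report).
SAMPLE_LOG = """\
Feb 11 23:10:01 ns1 kernel: audit: type=1400 audit(1549923001.100:41): apparmor="DENIED" operation="open" profile="/usr/sbin/named" name="/var/cache/bind/_default.nzd.lock" pid=812 comm="named" requested_mask="wrc" denied_mask="wrc" fsuid=110 ouid=0
Feb 11 23:10:01 ns1 kernel: audit: type=1400 audit(1549923001.104:42): apparmor="DENIED" operation="file_lock" profile="/usr/sbin/named" name="/var/cache/bind/_default.nzd.lock" pid=812 comm="named" requested_mask="k" denied_mask="k" fsuid=110 ouid=110
Feb 11 23:10:02 ns1 kernel: audit: type=1400 audit(1549923002.000:43): apparmor="ALLOWED" operation="open" profile="/usr/sbin/named" name="/etc/bind/named.conf" pid=812 comm="named" requested_mask="r" denied_mask="r" fsuid=110 ouid=0
"""

KV = re.compile(r'(\w+)="([^"]*)"')   # key="value" pairs in an audit record
LOG_TO_RULE = {"c": "w", "d": "w"}    # create/delete in the log are covered by "w" in a profile
ORDER = "rwaklmx"                     # stable ordering for the emitted permission string


def denied_rules(log_text):
    """Return {profile: [candidate file rules]} built from DENIED records only."""
    perms = defaultdict(set)
    for line in log_text.splitlines():
        fields = dict(KV.findall(line))
        # ALLOWED records (complain mode) and records without a path are skipped.
        if fields.get("apparmor") != "DENIED" or "name" not in fields:
            continue
        key = (fields.get("profile", "?"), fields["name"])
        for ch in fields.get("denied_mask", ""):
            perms[key].add(LOG_TO_RULE.get(ch, ch))
    rules = defaultdict(list)
    for (profile, path), p in perms.items():
        if "w" in p:
            p.discard("a")            # "w" already implies append
        rules[profile].append(f"{path} {''.join(c for c in ORDER if c in p)},")
    return {profile: sorted(lines) for profile, lines in rules.items()}


if __name__ == "__main__":
    for profile, lines in denied_rules(SAMPLE_LOG).items():
        print(f"# profile {profile}")
        for rule in lines:
            print(f"  {rule}")
```

Review each emitted rule before adding it to the profile; the script only aggregates what the kernel reported as denied and does not judge whether the access should be granted.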