Am 12.02.19 um 00:05 schrieb Paul van der Vlis: >>>> /var/cache/bind/_default.nzd.lock rwk, >>> >>> With " rwk," at the end? >> >> Yes, that means "read write lock", which according to the log you showed >> was the denied operation. >> >>> When I do "aa-enforce /usr/sbin/named", then I cannot start Bind9 anymore. >> >> Please show the aa denials from your syslog in this case. > > See below.
Sorry, had a typo in it (_default.nzd.lock vs. _default.nzd-lock). Please change the filename in /etc/apparmor.d/local/usr.sbin.named to match the name of the file not being accessible and reload the profile. That worked in my quick test. Bernhard
