Here you go -- I have no idea what I am looking at... buzz:~# aa-enabled Yes buzz:~# aa-status | grep -E '^[0-9]+|named' 43 profiles are loaded. 40 profiles are in enforce mode. /usr/sbin/named named 3 profiles are in complain mode. 79 processes have profiles defined. 77 processes are in enforce mode. /usr/sbin/named (209351) 2 processes are in complain mode. 0 processes are unconfined but have a profile defined. buzz:~#
You didn't ask, but I can sense the inevitable follow-on questions: buzz:~# dpkg -S /etc/apparmor.d/usr.sbin.named bind9: /etc/apparmor.d/usr.sbin.named buzz:~# dpkg -V bind9 ??5?????? c /etc/bind/named.conf.local ??5?????? c /etc/bind/named.conf.options buzz:~# Of course, this is the stable package, but I'll add this to my list of things to look at when I retry 9.16.2 (perhaps tonight)... Thanks, Scott -----Original Message----- From: Simon Deziel <si...@sdeziel.info> Sent: Monday, April 27, 2020 11:43 AM To: Scott Bailey <sc...@cartasoft.com>; 958...@bugs.debian.org Subject: Re: Bug#958934: bind9: named fails to start after upgrade to 9.16.2 On 2020-04-27 11:33 a.m., Scott Bailey wrote: > buzz:~# journalctl -k -b0 | grep -F apparmor > buzz:~# > > So whatever's going on, it doesn't look like AppArmor has anything to do with > it. To completely rule out Apparmor, please share the following: aa-enabled sudo aa-status | grep -E '^[0-9]+|named' Thanks, Simon
