Hi,

FWIW, this is a stock trixie installation:
root@hopper:~# aa-status --filter.exe='unbound' --show=processes
apparmor module is loaded.
8 processes have profiles defined.
1 processes are in enforce mode.
/usr/sbin/unbound (6837) unbound
0 processes are in complain mode.
0 processes are in prompt mode.
0 processes are in kill mode.
0 processes are unconfined but have a profile defined.
0 processes are in mixed mode.
root@hopper:~# systemctl status unbound.service
● unbound.service - Unbound DNS server
Loaded: loaded (/usr/lib/systemd/system/unbound.service; enabled; preset: enabled)
Active: active (running) since Sat 2025-09-27 03:24:15 CEST; 1 week 5 days ago
Invocation: 333f30aac8db423b87492fc8cc2bb44e
Docs: man:unbound(8)
Process: 6783 ExecStartPre=/usr/libexec/unbound-helper chroot_setup (code=exited, status=0/SUCCESS)
Process: 6832 ExecStartPre=/usr/libexec/unbound-helper root_trust_anchor_update (code=exited, status=0/SUCCESS)
Main PID: 6837 (unbound)
Tasks: 1 (limit: 76669)
Memory: 30.1M (peak: 31.6M)
CPU: 2min 16.686s
CGroup: /system.slice/unbound.service
└─6837 /usr/sbin/unbound -d -p

unbound works without error here with the stock AppArmor profile, so it seems like the problem is specific to Proxmox.

Greets,
Lee