Wie erlaubt man das Binden in App-Rüstungen?

15

Frage:

Ich habe bind9 wie hier beschrieben eingerichtet:
http://ubuntuforums.org/showthread.php?p=12149576#post12149576

Jetzt habe ich ein kleines Problem mit apparmor: Wenn ich es ausschalte, funktioniert es.
Wenn apparmor ausgeführt wird, funktioniert es nicht und ich erhalte die folgende dmesg-Ausgabe:

[   23.809767] type=1400 audit(1344097913.519:11): apparmor="STATUS" operation="profile_replace" name="/sbin/dhclient" pid=1540 comm="apparmor_parser"
[   23.811537] type=1400 audit(1344097913.519:12): apparmor="STATUS" operation="profile_replace" name="/usr/lib/NetworkManager/nm-dhcp-client.action" pid=1540 comm="apparmor_parser"
[   23.812514] type=1400 audit(1344097913.523:13): apparmor="STATUS" operation="profile_replace" name="/usr/lib/connman/scripts/dhclient-script" pid=1540 comm="apparmor_parser"
[   23.821999] type=1400 audit(1344097913.531:14): apparmor="STATUS" operation="profile_load" name="/usr/sbin/mysqld" pid=1544 comm="apparmor_parser"
[   23.845085] type=1400 audit(1344097913.555:15): apparmor="STATUS" operation="profile_load" name="/usr/sbin/libvirtd" pid=1543 comm="apparmor_parser"
[   23.849051] type=1400 audit(1344097913.559:16): apparmor="STATUS" operation="profile_load" name="/usr/sbin/named" pid=1545 comm="apparmor_parser"
[   23.849509] type=1400 audit(1344097913.559:17): apparmor="STATUS" operation="profile_load" name="/usr/lib/libvirt/virt-aa-helper" pid=1542 comm="apparmor_parser"
[   23.851597] type=1400 audit(1344097913.559:18): apparmor="STATUS" operation="profile_load" name="/usr/sbin/tcpdump" pid=1547 comm="apparmor_parser"
[   24.415193] type=1400 audit(1344097914.123:19): apparmor="STATUS" operation="profile_replace" name="/usr/sbin/mysqld" pid=1625 comm="apparmor_parser"
[   24.738631] ip_tables: (C) 2000-2006 Netfilter Core Team
[   25.005242] nf_conntrack version 0.5.0 (16384 buckets, 65536 max)
[   25.187939] ADDRCONF(NETDEV_UP): virbr0: link is not ready
[   26.004282] Ebtables v2.0 registered
[   26.068783] ip6_tables: (C) 2000-2006 Netfilter Core Team
[   28.158848] postgres (1900): /proc/1900/oom_adj is deprecated, please use /proc/1900/oom_score_adj instead.
[   29.840079] xenbr0: no IPv6 routers present
[   31.502916] type=1400 audit(1344097919.088:20): apparmor="DENIED" operation="mknod" parent=1984 profile="/usr/sbin/named" name="/var/log/query.log" pid=1989 comm="named" requested_mask="c" denied_mask="c" fsuid=107 ouid=107
[   34.336141] xenbr0: port 1(eth0) entering forwarding state
[   38.424359] Event-channel device installed.
[   38.853077] XENBUS: Unable to read cpu state
[   38.854215] XENBUS: Unable to read cpu state
[   38.855231] XENBUS: Unable to read cpu state
[   38.858891] XENBUS: Unable to read cpu state
[   47.411497] device vif1.0 entered promiscuous mode
[   47.429245] ADDRCONF(NETDEV_UP): vif1.0: link is not ready
[   49.366219] virbr0: port 1(vif1.0) entering disabled state
[   49.366705] virbr0: port 1(vif1.0) entering disabled state
[   49.368873] virbr0: mixed no checksumming and other settings.
[   97.273028] type=1400 audit(1344097984.861:21): apparmor="DENIED" operation="mknod" parent=3076 profile="/usr/sbin/named" name="/var/log/query.log" pid=3078 comm="named" requested_mask="c" denied_mask="c" fsuid=107 ouid=107
[  277.790627] type=1400 audit(1344098165.377:22): apparmor="DENIED" operation="mknod" parent=3384 profile="/usr/sbin/named" name="/var/log/query.log" pid=3389 comm="named" requested_mask="c" denied_mask="c" fsuid=0 ouid=0
[  287.812986] type=1400 audit(1344098175.401:23): apparmor="DENIED" operation="mknod" parent=3325 profile="/usr/sbin/named" name="/root/tmp-gjnX0c0dDa" pid=3400 comm="named" requested_mask="c" denied_mask="c" fsuid=0 ouid=0
[  287.818466] type=1400 audit(1344098175.405:24): apparmor="DENIED" operation="mknod" parent=3325 profile="/usr/sbin/named" name="/root/tmp-CpOtH52qU5" pid=3400 comm="named" requested_mask="c" denied_mask="c" fsuid=0 ouid=0
[  323.166228] type=1400 audit(1344098210.753:25): apparmor="DENIED" operation="mknod" parent=3422 profile="/usr/sbin/named" name="/var/log/query.log" pid=3427 comm="named" requested_mask="c" denied_mask="c" fsuid=107 ouid=107
[  386.512586] type=1400 audit(1344098274.101:26): apparmor="DENIED" operation="mknod" parent=3456 profile="/usr/sbin/named" name="/var/log/query.log" pid=3459 comm="named" requested_mask="c" denied_mask="c" fsuid=0 ouid=0
[  808.549049] type=1400 audit(1344098696.137:27): apparmor="DENIED" operation="mknod" parent=3872 profile="/usr/sbin/named" name="/var/log/query.log" pid=3877 comm="named" requested_mask="c" denied_mask="c" fsuid=107 ouid=107
[  894.671081] type=1400 audit(1344098782.257:28): apparmor="DENIED" operation="mknod" parent=3922 profile="/usr/sbin/named" name="/var/log/query.log" pid=3927 comm="named" requested_mask="c" denied_mask="c" fsuid=107 ouid=107
[  968.514669] type=1400 audit(1344098856.101:29): apparmor="DENIED" operation="mknod" parent=3978 profile="/usr/sbin/named" name="/var/log/query.log" pid=3983 comm="named" requested_mask="c" denied_mask="c" fsuid=107 ouid=107
[ 1021.814582] type=1400 audit(1344098909.401:30): apparmor="DENIED" operation="mknod" parent=4010 profile="/usr/sbin/named" name="/var/log/query.log" pid=4012 comm="named" requested_mask="c" denied_mask="c" fsuid=107 ouid=107
[ 1063.856633] type=1400 audit(1344098951.445:31): apparmor="DENIED" operation="mknod" parent=4041 profile="/usr/sbin/named" name="/var/log/query.log" pid=4043 comm="named" requested_mask="c" denied_mask="c" fsuid=107 ouid=107
[ 1085.404001] type=1400 audit(1344098972.989:32): apparmor="DENIED" operation="mknod" parent=4072 profile="/usr/sbin/named" name="/var/log/query.log" pid=4077 comm="named" requested_mask="c" denied_mask="c" fsuid=107 ouid=107
[ 1108.207402] type=1400 audit(1344098995.793:33): apparmor="DENIED" operation="mknod" parent=4102 profile="/usr/sbin/named" name="/var/log/query.log" pid=4107 comm="named" requested_mask="c" denied_mask="c" fsuid=107 ouid=107
[ 1156.947189] type=1400 audit(1344099044.533:34): apparmor="DENIED" operation="mknod" parent=4134 profile="/usr/sbin/named" name="/var/log/query.log" pid=4136 comm="named" requested_mask="c" denied_mask="c" fsuid=107 ouid=107
[ 1166.768005] type=1400 audit(1344099054.353:35): apparmor="DENIED" operation="mknod" parent=4150 profile="/usr/sbin/named" name="/var/log/query.log" pid=4155 comm="named" requested_mask="c" denied_mask="c" fsuid=107 ouid=107
[ 1168.873385] type=1400 audit(1344099056.461:36): apparmor="DENIED" operation="mknod" parent=4162 profile="/usr/sbin/named" name="/var/log/query.log" pid=4167 comm="named" requested_mask="c" denied_mask="c" fsuid=107 ouid=107
[ 1181.558946] type=1400 audit(1344099069.145:37): apparmor="DENIED" operation="mknod" parent=4177 profile="/usr/sbin/named" name="/var/log/query.log" pid=4182 comm="named" requested_mask="c" denied_mask="c" fsuid=0 ouid=0
[ 1199.349265] type=1400 audit(1344099086.937:38): apparmor="DENIED" operation="mknod" parent=4191 profile="/usr/sbin/named" name="/var/log/query.log" pid=4196 comm="named" requested_mask="c" denied_mask="c" fsuid=0 ouid=0
[ 1296.805604] type=1400 audit(1344099184.393:39): apparmor="DENIED" operation="mknod" parent=4232 profile="/usr/sbin/named" name="/var/log/query.log" pid=4237 comm="named" requested_mask="c" denied_mask="c" fsuid=107 ouid=107
[ 1317.730568] type=1400 audit(1344099205.317:40): apparmor="DENIED" operation="mknod" parent=3325 profile="/usr/sbin/named" name="/tmp-nuBes0IXwi" pid=4251 comm="named" requested_mask="c" denied_mask="c" fsuid=107 ouid=107
[ 1317.730744] type=1400 audit(1344099205.317:41): apparmor="DENIED" operation="mknod" parent=3325 profile="/usr/sbin/named" name="/tmp-ZDJA06ZOkU" pid=4252 comm="named" requested_mask="c" denied_mask="c" fsuid=107 ouid=107
[ 1365.072687] type=1400 audit(1344099252.661:42): apparmor="DENIED" operation="mknod" parent=3325 profile="/usr/sbin/named" name="/tmp-EnsuYUrGOC" pid=4290 comm="named" requested_mask="c" denied_mask="c" fsuid=107 ouid=107
[ 1365.074520] type=1400 audit(1344099252.661:43): apparmor="DENIED" operation="mknod" parent=3325 profile="/usr/sbin/named" name="/tmp-LVCnpWOStP" pid=4287 comm="named" requested_mask="c" denied_mask="c" fsuid=107 ouid=107
[ 1380.336984] type=1400 audit(1344099267.925:44): apparmor="DENIED" operation="mknod" parent=4617 profile="/usr/sbin/named" name="/var/log/query.log" pid=4622 comm="named" requested_mask="c" denied_mask="c" fsuid=107 ouid=107
[ 1437.924534] type=1400 audit(1344099325.513:45): apparmor="DENIED" operation="mknod" parent=3325 profile="/usr/sbin/named" name="/tmp-Uyf1dHIZUU" pid=4648 comm="named" requested_mask="c" denied_mask="c" fsuid=107 ouid=107
[ 1437.924626] type=1400 audit(1344099325.513:46): apparmor="DENIED" operation="mknod" parent=3325 profile="/usr/sbin/named" name="/tmp-OABXWclII3" pid=4647 comm="named" requested_mask="c" denied_mask="c" fsuid=107 ouid=107
[ 1526.334959] type=1400 audit(1344099413.921:47): apparmor="DENIED" operation="mknod" parent=4749 profile="/usr/sbin/named" name="/var/log/query.log" pid=4754 comm="named" requested_mask="c" denied_mask="c" fsuid=0 ouid=0
[ 1601.292548] type=1400 audit(1344099488.881:48): apparmor="DENIED" operation="mknod" parent=4835 profile="/usr/sbin/named" name="/var/log/query.log" pid=4840 comm="named" requested_mask="c" denied_mask="c" fsuid=0 ouid=0
[ 1639.543733] type=1400 audit(1344099527.129:49): apparmor="DENIED" operation="mknod" parent=4905 profile="/usr/sbin/named" name="/var/log/query.log" pid=4907 comm="named" requested_mask="c" denied_mask="c" fsuid=107 ouid=107
[ 1916.381179] type=1400 audit(1344099803.969:50): apparmor="DENIED" operation="mknod" parent=4959 profile="/usr/sbin/named" name="/var/log/query.log" pid=4961 comm="named" requested_mask="c" denied_mask="c" fsuid=107 ouid=107
[ 1940.816898] type=1400 audit(1344099828.405:51): apparmor="DENIED" operation="mknod" parent=4991 profile="/usr/sbin/named" name="/var/log/query.log" pid=4996 comm="named" requested_mask="c" denied_mask="c" fsuid=107 ouid=107
[ 2043.010898] type=1400 audit(1344099930.597:52): apparmor="DENIED" operation="mknod" parent=5048 profile="/usr/sbin/named" name="/var/log/query.log" pid=5053 comm="named" requested_mask="c" denied_mask="c" fsuid=107 ouid=107
[ 2084.956230] type=1400 audit(1344099972.545:53): apparmor="DENIED" operation="mknod" parent=3325 profile="/usr/sbin/named" name="/var/log/tmp-XYgr33RqUt" pid=5069 comm="named" requested_mask="c" denied_mask="c" fsuid=0 ouid=0
[ 2084.959120] type=1400 audit(1344099972.545:54): apparmor="DENIED" operation="mknod" parent=3325 profile="/usr/sbin/named" name="/var/log/tmp-vO24RHwL14" pid=5066 comm="named" requested_mask="c" denied_mask="c" fsuid=0 ouid=0
[ 2088.169500] type=1400 audit(1344099975.757:55): apparmor="DENIED" operation="mknod" parent=5076 profile="/usr/sbin/named" name="/var/log/query.log" pid=5078 comm="named" requested_mask="c" denied_mask="c" fsuid=0 ouid=0
[ 2165.625096] type=1400 audit(1344100053.213:56): apparmor="STATUS" operation="profile_remove" name="/sbin/dhclient" pid=5124 comm="apparmor"
[ 2165.625401] type=1400 audit(1344100053.213:57): apparmor="STATUS" operation="profile_remove" name="/usr/lib/NetworkManager/nm-dhcp-client.action" pid=5124 comm="apparmor"
[ 2165.625608] type=1400 audit(1344100053.213:58): apparmor="STATUS" operation="profile_remove" name="/usr/lib/connman/scripts/dhclient-script" pid=5124 comm="apparmor"
[ 2165.625782] type=1400 audit(1344100053.213:59): apparmor="STATUS" operation="profile_remove" name="/usr/lib/libvirt/virt-aa-helper" pid=5124 comm="apparmor"
[ 2165.625931] type=1400 audit(1344100053.213:60): apparmor="STATUS" operation="profile_remove" name="/usr/sbin/libvirtd" pid=5124 comm="apparmor"
[ 2165.626057] type=1400 audit(1344100053.213:61): apparmor="STATUS" operation="profile_remove" name="/usr/sbin/mysqld" pid=5124 comm="apparmor"
[ 2165.626181] type=1400 audit(1344100053.213:62): apparmor="STATUS" operation="profile_remove" name="/usr/sbin/named" pid=5124 comm="apparmor"
[ 2165.626319] type=1400 audit(1344100053.213:63): apparmor="STATUS" operation="profile_remove" name="/usr/sbin/tcpdump" pid=5124 comm="apparmor"
[ 3709.583927] type=1400 audit(1344101597.169:64): apparmor="STATUS" operation="profile_load" name="/usr/sbin/libvirtd" pid=7484 comm="apparmor_parser"
[ 3709.839895] type=1400 audit(1344101597.425:65): apparmor="STATUS" operation="profile_load" name="/usr/sbin/mysqld" pid=7485 comm="apparmor_parser"
[ 3710.008892] type=1400 audit(1344101597.597:66): apparmor="STATUS" operation="profile_load" name="/usr/lib/libvirt/virt-aa-helper" pid=7483 comm="apparmor_parser"
[ 3710.545232] type=1400 audit(1344101598.133:67): apparmor="STATUS" operation="profile_load" name="/usr/sbin/named" pid=7486 comm="apparmor_parser"
[ 3710.655600] type=1400 audit(1344101598.241:68): apparmor="STATUS" operation="profile_load" name="/sbin/dhclient" pid=7481 comm="apparmor_parser"
[ 3710.656013] type=1400 audit(1344101598.241:69): apparmor="STATUS" operation="profile_load" name="/usr/lib/NetworkManager/nm-dhcp-client.action" pid=7481 comm="apparmor_parser"
[ 3710.656786] type=1400 audit(1344101598.245:70): apparmor="STATUS" operation="profile_load" name="/usr/lib/connman/scripts/dhclient-script" pid=7481 comm="apparmor_parser"
[ 3710.832624] type=1400 audit(1344101598.421:71): apparmor="STATUS" operation="profile_load" name="/usr/sbin/tcpdump" pid=7488 comm="apparmor_parser"
[ 3717.573123] type=1400 audit(1344101605.161:72): apparmor="DENIED" operation="open" parent=7505 profile="/usr/sbin/named" name="/var/log/query.log" pid=7510 comm="named" requested_mask="ac" denied_mask="ac" fsuid=107 ouid=0
[ 3743.667808] type=1400 audit(1344101631.253:73): apparmor="STATUS" operation="profile_remove" name="/sbin/dhclient" pid=7552 comm="apparmor"
[ 3743.668338] type=1400 audit(1344101631.257:74): apparmor="STATUS" operation="profile_remove" name="/usr/lib/NetworkManager/nm-dhcp-client.action" pid=7552 comm="apparmor"
[ 3743.668625] type=1400 audit(1344101631.257:75): apparmor="STATUS" operation="profile_remove" name="/usr/lib/connman/scripts/dhclient-script" pid=7552 comm="apparmor"
[ 3743.668834] type=1400 audit(1344101631.257:76): apparmor="STATUS" operation="profile_remove" name="/usr/lib/libvirt/virt-aa-helper" pid=7552 comm="apparmor"
[ 3743.668991] type=1400 audit(1344101631.257:77): apparmor="STATUS" operation="profile_remove" name="/usr/sbin/libvirtd" pid=7552 comm="apparmor"
[ 3743.669127] type=1400 audit(1344101631.257:78): apparmor="STATUS" operation="profile_remove" name="/usr/sbin/mysqld" pid=7552 comm="apparmor"
[ 3743.669282] type=1400 audit(1344101631.257:79): apparmor="STATUS" operation="profile_remove" name="/usr/sbin/named" pid=7552 comm="apparmor"
[ 3743.669520] type=1400 audit(1344101631.257:80): apparmor="STATUS" operation="profile_remove" name="/usr/sbin/tcpdump" pid=7552 comm="apparmor"
[ 3873.572336] type=1400 audit(1344101761.161:81): apparmor="STATUS" operation="profile_load" name="/usr/sbin/libvirtd" pid=7722 comm="apparmor_parser"
[ 3873.826209] type=1400 audit(1344101761.413:82): apparmor="STATUS" operation="profile_load" name="/usr/sbin/mysqld" pid=7723 comm="apparmor_parser"
[ 3873.988181] type=1400 audit(1344101761.577:83): apparmor="STATUS" operation="profile_load" name="/usr/lib/libvirt/virt-aa-helper" pid=7721 comm="apparmor_parser"
[ 3874.520305] type=1400 audit(1344101762.109:84): apparmor="STATUS" operation="profile_load" name="/sbin/dhclient" pid=7719 comm="apparmor_parser"
[ 3874.520736] type=1400 audit(1344101762.109:85): apparmor="STATUS" operation="profile_load" name="/usr/lib/NetworkManager/nm-dhcp-client.action" pid=7719 comm="apparmor_parser"
[ 3874.521000] type=1400 audit(1344101762.109:86): apparmor="STATUS" operation="profile_load" name="/usr/lib/connman/scripts/dhclient-script" pid=7719 comm="apparmor_parser"
[ 3874.528878] type=1400 audit(1344101762.117:87): apparmor="STATUS" operation="profile_load" name="/usr/sbin/named" pid=7724 comm="apparmor_parser"
[ 3874.930712] type=1400 audit(1344101762.517:88): apparmor="STATUS" operation="profile_load" name="/usr/sbin/tcpdump" pid=7726 comm="apparmor_parser"
[ 3971.744599] type=1400 audit(1344101859.333:89): apparmor="STATUS" operation="profile_replace" name="/usr/sbin/libvirtd" pid=7899 comm="apparmor_parser"
[ 3972.009857] type=1400 audit(1344101859.597:90): apparmor="STATUS" operation="profile_replace" name="/usr/sbin/mysqld" pid=7900 comm="apparmor_parser"
[ 3972.165297] type=1400 audit(1344101859.753:91): apparmor="STATUS" operation="profile_replace" name="/usr/lib/libvirt/virt-aa-helper" pid=7898 comm="apparmor_parser"
[ 3972.587766] type=1400 audit(1344101860.173:92): apparmor="STATUS" operation="profile_replace" name="/usr/sbin/named" pid=7901 comm="apparmor_parser"
[ 3972.847189] type=1400 audit(1344101860.433:93): apparmor="STATUS" operation="profile_replace" name="/sbin/dhclient" pid=7896 comm="apparmor_parser"
[ 3972.847705] type=1400 audit(1344101860.433:94): apparmor="STATUS" operation="profile_replace" name="/usr/lib/NetworkManager/nm-dhcp-client.action" pid=7896 comm="apparmor_parser"
[ 3972.848150] type=1400 audit(1344101860.433:95): apparmor="STATUS" operation="profile_replace" name="/usr/lib/connman/scripts/dhclient-script" pid=7896 comm="apparmor_parser"
[ 3973.147889] type=1400 audit(1344101860.733:96): apparmor="STATUS" operation="profile_replace" name="/usr/sbin/tcpdump" pid=7903 comm="apparmor_parser"
[ 3988.863999] type=1400 audit(1344101876.449:97): apparmor="DENIED" operation="open" parent=7939 profile="/usr/sbin/named" name="/var/log/query.log" pid=7944 comm="named" requested_mask="ac" denied_mask="ac" fsuid=107 ouid=0
[ 4025.826132] type=1400 audit(1344101913.413:98): apparmor="STATUS" operation="profile_remove" name="/sbin/dhclient" pid=7975 comm="apparmor"
[ 4025.826627] type=1400 audit(1344101913.413:99): apparmor="STATUS" operation="profile_remove" name="/usr/lib/NetworkManager/nm-dhcp-client.action" pid=7975 comm="apparmor"
[ 4025.826861] type=1400 audit(1344101913.413:100): apparmor="STATUS" operation="profile_remove" name="/usr/lib/connman/scripts/dhclient-script" pid=7975 comm="apparmor"
[ 4025.827059] type=1400 audit(1344101913.413:101): apparmor="STATUS" operation="profile_remove" name="/usr/lib/libvirt/virt-aa-helper" pid=7975 comm="apparmor"
[ 4025.827214] type=1400 audit(1344101913.413:102): apparmor="STATUS" operation="profile_remove" name="/usr/sbin/libvirtd" pid=7975 comm="apparmor"
[ 4025.827352] type=1400 audit(1344101913.413:103): apparmor="STATUS" operation="profile_remove" name="/usr/sbin/mysqld" pid=7975 comm="apparmor"
[ 4025.827485] type=1400 audit(1344101913.413:104): apparmor="STATUS" operation="profile_remove" name="/usr/sbin/named" pid=7975 comm="apparmor"
[ 4025.827624] type=1400 audit(1344101913.413:105): apparmor="STATUS" operation="profile_remove" name="/usr/sbin/tcpdump" pid=7975 comm="apparmor"
[ 4027.862198] type=1400 audit(1344101915.449:106): apparmor="STATUS" operation="profile_load" name="/usr/sbin/libvirtd" pid=8090 comm="apparmor_parser"
[ 4039.500920] audit_printk_skb: 21 callbacks suppressed
[ 4039.500932] type=1400 audit(1344101927.089:114): apparmor="STATUS" operation="profile_remove" name="/sbin/dhclient" pid=8114 comm="apparmor"
[ 4039.501413] type=1400 audit(1344101927.089:115): apparmor="STATUS" operation="profile_remove" name="/usr/lib/NetworkManager/nm-dhcp-client.action" pid=8114 comm="apparmor"
[ 4039.501672] type=1400 audit(1344101927.089:116): apparmor="STATUS" operation="profile_remove" name="/usr/lib/connman/scripts/dhclient-script" pid=8114 comm="apparmor"
[ 4039.501861] type=1400 audit(1344101927.089:117): apparmor="STATUS" operation="profile_remove" name="/usr/lib/libvirt/virt-aa-helper" pid=8114 comm="apparmor"
[ 4039.502033] type=1400 audit(1344101927.089:118): apparmor="STATUS" operation="profile_remove" name="/usr/sbin/libvirtd" pid=8114 comm="apparmor"
[ 4039.502170] type=1400 audit(1344101927.089:119): apparmor="STATUS" operation="profile_remove" name="/usr/sbin/mysqld" pid=8114 comm="apparmor"
[ 4039.502305] type=1400 audit(1344101927.089:120): apparmor="STATUS" operation="profile_remove" name="/usr/sbin/named" pid=8114 comm="apparmor"
[ 4039.502442] type=1400 audit(1344101927.089:121): apparmor="STATUS" operation="profile_remove" name="/usr/sbin/tcpdump" pid=8114 comm="apparmor"
[ 4041.425405] type=1400 audit(1344101929.013:122): apparmor="STATUS" operation="profile_load" name="/usr/lib/libvirt/virt-aa-helper" pid=8240 comm="apparmor_parser"
[ 4041.425952] type=1400 audit(1344101929.013:123): apparmor="STATUS" operation="profile_load" name="/sbin/dhclient" pid=8238 comm="apparmor_parser"
[ 4058.910390] audit_printk_skb: 18 callbacks suppressed
[ 4058.910401] type=1400 audit(1344101946.497:130): apparmor="STATUS" operation="profile_remove" name="/sbin/dhclient" pid=8264 comm="apparmor"
[ 4058.910757] type=1400 audit(1344101946.497:131): apparmor="STATUS" operation="profile_remove" name="/usr/lib/NetworkManager/nm-dhcp-client.action" pid=8264 comm="apparmor"
[ 4058.910969] type=1400 audit(1344101946.497:132): apparmor="STATUS" operation="profile_remove" name="/usr/lib/connman/scripts/dhclient-script" pid=8264 comm="apparmor"
[ 4058.911185] type=1400 audit(1344101946.497:133): apparmor="STATUS" operation="profile_remove" name="/usr/lib/libvirt/virt-aa-helper" pid=8264 comm="apparmor"
[ 4058.911335] type=1400 audit(1344101946.497:134): apparmor="STATUS" operation="profile_remove" name="/usr/sbin/libvirtd" pid=8264 comm="apparmor"
[ 4058.911595] type=1400 audit(1344101946.497:135): apparmor="STATUS" operation="profile_remove" name="/usr/sbin/mysqld" pid=8264 comm="apparmor"
[ 4058.911856] type=1400 audit(1344101946.497:136): apparmor="STATUS" operation="profile_remove" name="/usr/sbin/named" pid=8264 comm="apparmor"
[ 4058.912001] type=1400 audit(1344101946.497:137): apparmor="STATUS" operation="profile_remove" name="/usr/sbin/tcpdump" pid=8264 comm="apparmor"
[ 4060.266700] type=1400 audit(1344101947.853:138): apparmor="STATUS" operation="profile_load" name="/sbin/dhclient" pid=8391 comm="apparmor_parser"
[ 4060.268356] type=1400 audit(1344101947.857:139): apparmor="STATUS" operation="profile_load" name="/usr/lib/NetworkManager/nm-dhcp-client.action" pid=8391 comm="apparmor_parser"
[ 5909.432749] audit_printk_skb: 18 callbacks suppressed
[ 5909.432759] type=1400 audit(1344103797.021:146): apparmor="DENIED" operation="open" parent=8800 profile="/usr/sbin/named" name="/var/log/query.log" pid=8805 comm="named" requested_mask="ac" denied_mask="ac" fsuid=107 ouid=0
root@zotac:~# 

Was kann ich tun, damit es immer noch funktioniert und ich Apparmor nicht deaktivieren muss?

Hexerei
quelle

Antworten:

24
[ 5909.432759] type=1400 audit(1344103797.021:146): apparmor="DENIED" operation="open" parent=8800 profile="/usr/sbin/named" name="/var/log/query.log" pid=8805 comm="named" requested_mask="ac" denied_mask="ac" fsuid=107 ouid=0

Das liegt daran, dass named nicht in die Datei schreiben darf /var/log/query.log. Um dieses Problem zu beheben, öffnen Sie das lokale Include für das Apparmor-Profil von named ( /etc/apparmor.d/local/usr.sbin.named) und fügen Sie diese Zeile hinzu:

/var/log/query.log rw,

Dann renne

sudo apparmor_parser -r /etc/apparmor.d/usr.sbin.named

um das Profil neu zu laden.

Diego
quelle
Jemand (Prüfprotokoll) wurde bearbeitet, um auf "/etc/apparmor.d/local" zu verweisen, nachdem die Antwort akzeptiert wurde. "Local" funktioniert jedoch nicht, da Apparmor das geänderte Profil nicht berücksichtigt ("Gleiches wie aktuelles Profil, Überspringen")
Jürgen A. Erhard
Ich habe jetzt die beiden Konfigurationszeilen in /etc/apparmor.d/usr.sbin.named gestellt und das Neuladen funktioniert.
Jürgen A. Erhard
Wie Jürgen A. Erhard kommentiert hat, sollte diese Zeile: (/etc/apparmor.d/local/usr.sbin.named), es nicht "/ local" haben. Kann ein Moderator das bitte korrigieren. Vielen Dank.
Jags
0
  1. Fügen Sie eine Zeile in die Datei ein: /etc/apparmor.d/local/usr.sbin.named

    / var / lib / named / ** rw,

  2. Lauf

    sudo apparmor_parser -r /etc/apparmor.d/usr.sbin.named

  3. Lauf

    sudo systemctl start bind9.service

Piotr Sociński
quelle