https://bugzilla.novell.com/show_bug.cgi?id=731572

https://bugzilla.novell.com/show_bug.cgi?id=731572#c5

--- Comment #5 from Charles Wright <wrighrc@gmail.com> 2011-12-07 22:32:19 UTC ---

Greetings Uwe,

I just extracted both rpms with rpm2cpio

bind-9.8.1-4.2.2.i586.rpm
bind-9.8.1P1-4.4.1.i586.rpm <- I'm running this one.

Then I did a diff on the profile and it didn't look as if anything changed in the file /etc/apparmor.d/usr.sbin.named

I went ahead and tested with the original file anyways.

wrights:/etc/apparmor.d # /etc/init.d/named start
Starting name server BIND - Warning: /var/lib/named/var/run/named/named.pid exists! failed
wrights:/etc/apparmor.d # rm /var/lib/named/var/run/named/named.pid
wrights:/etc/apparmor.d #
wrights:/etc/apparmor.d # /etc/init.d/named start
Starting name server BIND failed

I still get:

[1360174.303710] type=1400 audit(1323295945.296:63): apparmor="DENIED" operation="file_mmap" parent=29480 profile="/usr/sbin/named" name="/var/lib/named/lib/engines/libgost.so" pid=29481 comm="named" requested_mask="m" denied_mask="m" fsuid=44 ouid=0

So it still looks broken. (no big surprise given the apparmor profile looks the same.)

# Restoring my change...
wrights:/etc/apparmor.d # cp /root/usr.sbin.named /etc/apparmor.d/
wrights:/etc/apparmor.d # rcapparmor restart
Restarting AppArmor done
wrights:/etc/apparmor.d # /etc/init.d/named start
Starting name server BIND done

wrights:/etc/apparmor.d # diff /root/usr.sbin.named /tmp/extract/etc/apparmor.d/usr.sbin.named
34c34
< /var/lib/named/** rwlm,
---
/var/lib/named/** rwl,
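
Review bot: the m in the locally modified line 34 (/var/lib/named/** rwlm,) applies to the whole chroot tree, which the same rule also makes writable, so named would be allowed to map as executable any file it is able to write there. The denial quoted above concerns a single path, /var/lib/named/lib/engines/libgost.so, with requested_mask="m"; a separate rule limited to the library directories, for example /var/lib/named/lib/engines/*.so mr, would clear that denial without combining w and m on one glob.
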
(In reply to comment #4)
> but I already released a maintenance update for 12.1 that makes access to
> /var/lib/named/lib/ and /var/lib/named/lib64 possible. So I think that's fixed.
> Or do you see any other issues with apparmor that I overlooked?