https://bugzilla.novell.com/show_bug.cgi?id=731572
https://bugzilla.novell.com/show_bug.cgi?id=731572#c5
--- Comment #5 from Charles Wright 2011-12-07 22:32:19 UTC ---
Greetings Uwe,
I just extracted both rpms with rpm2cpio
bind-9.8.1-4.2.2.i586.rpm
bind-9.8.1P1-4.4.1.i586.rpm <- I'm running this one.
Then I did a diff on the profile and it didn't look as if anything changed in
the file /etc/apparmor.d/usr.sbin.named
I went ahead and tested with the original file anyways.
wrights:/etc/apparmor.d # /etc/init.d/named start
Starting name server BIND - Warning: /var/lib/named/var/run/named/named.pid exists! failed
wrights:/etc/apparmor.d # rm /var/lib/named/var/run/named/named.pid
wrights:/etc/apparmor.d #
wrights:/etc/apparmor.d # /etc/init.d/named start
Starting name server BIND
failed
I still get:
[1360174.303710] type=1400 audit(1323295945.296:63): apparmor="DENIED" operation="file_mmap" parent=29480 profile="/usr/sbin/named" name="/var/lib/named/lib/engines/libgost.so" pid=29481 comm="named" requested_mask="m" denied_mask="m" fsuid=44 ouid=0
So it still looks broken. (no big surprise given the apparmor profile looks
the same.)
# Restoring my change...
wrights:/etc/apparmor.d # cp /root/usr.sbin.named /etc/apparmor.d/
wrights:/etc/apparmor.d # rcapparmor restart
Restarting AppArmor
done
wrights:/etc/apparmor.d # /etc/init.d/named start
Starting name server BIND
done
wrights:/etc/apparmor.d # diff /root/usr.sbin.named /tmp/extract/etc/apparmor.d/usr.sbin.named
34c34
< /var/lib/named/** rwlm,
---
/var/lib/named/** rwl,
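Review bot: The "m" added on line 34 of the profile (/var/lib/named/** rwlm,) is broader than the logged denial requires, because it makes every file under /var/lib/named both writable and mappable as executable by named. The denial is only for /var/lib/named/lib/engines/libgost.so, so consider keeping "rwl" on the tree and granting "m" in a separate rule limited to the library directories under /var/lib/named/lib/ and /var/lib/named/lib64, and add a profile comment saying why the mmap permission is needed.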
(In reply to comment #4)
but I already released a maintenance update for 12.1 that makes access to
/var/lib/named/lib/ and /var/lib/named/lib64 possible.
So I think that's fixed
Or do you see any other issues with apparmor that I overlooked?
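An added example, not part of the original comment or of the bind package: a small Python check that parses the DENIED record quoted above and reports which requested permission the profile's file rules fail to grant for that path. The function names are hypothetical, and the matcher is a simplification that handles only the *, ** and ? globs and ignores deny rules.

```python
import re

# Audit record from the comment above, joined onto one line.
SAMPLE = ('[1360174.303710] type=1400 audit(1323295945.296:63): apparmor="DENIED" '
          'operation="file_mmap" parent=29480 profile="/usr/sbin/named" '
          'name="/var/lib/named/lib/engines/libgost.so" pid=29481 comm="named" '
          'requested_mask="m" denied_mask="m" fsuid=44 ouid=0')

def parse_denial(line):
    """Return the key=value fields of an AppArmor DENIED record, or None."""
    fields = {k: v.strip('"') for k, v in re.findall(r'(\w+)=("[^"]*"|\S+)', line)}
    return fields if fields.get("apparmor") == "DENIED" else None

def glob_to_regex(glob):
    """Translate the globs used here: ** crosses '/', * and ? do not (assumption: no {} or [])."""
    out, i = "", 0
    while i < len(glob):
        if glob.startswith("**", i):
            out, i = out + ".*", i + 2
        elif glob[i] == "*":
            out, i = out + "[^/]*", i + 1
        elif glob[i] == "?":
            out, i = out + "[^/]", i + 1
        else:
            out, i = out + re.escape(glob[i]), i + 1
    return re.compile(out + r"\Z")

def missing_perms(rules, path, mask):
    """Permissions in mask that no matching 'glob perms,' rule grants for path."""
    granted = set()
    for rule in rules:
        glob, perms = rule.rstrip(",").split()
        if glob_to_regex(glob).match(path):
            granted |= set(perms)
    return set(mask) - granted

def explain(line, rules):
    """Return (profile, path, ungranted permissions) for a DENIED record, else None."""
    d = parse_denial(line)
    if d is None:
        return None
    gap = missing_perms(rules, d["name"], d["denied_mask"])
    return d["profile"], d["name"], "".join(sorted(gap))

if __name__ == "__main__":
    for rules in (["/var/lib/named/** rwl,"], ["/var/lib/named/** rwlm,"]):
        print(rules, "->", explain(SAMPLE, rules))
```
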