Master file permission denied
Anand Buddhdev
anandb at ripe.net
Thu Jun 29 12:40:29 UTC 2023
On 29/06/2023 14:13, Daniel Armando Rodriguez via bind-users wrote:
[snip]
> Error is not the same as before, I see it now (fresh eyes maybe)
>
> Jun 29 08:42:37 web kernel: [5679658.761672] audit: type=1400
> audit(1688038957.685:548): apparmor="DENIED" operation="mknod"
> profile="named" name="/etc/bind/zonas/db.unau.edu.ar.jbk" pid=1350974
> comm="isc-net-0001" requested_mask="c" denied_mask="c" fsuid=107 ouid=107
[snip]
> So, shouldn't that write attempt happen in /var/cache/bind?
When BIND signs a zone, it keeps a copy of the signed zone next to the
original zone file, by creating a .signed file. Along with that it also
creates a couple of other files, for journaling and keeping state.
In your case, BIND will try to create those in /etc/bind/zonas, and
apparmor is denying it.

Move your zone files into /var/cache/bind, which is a better place to
keep zone files, and not /etc/bind (this should be for BIND's
configuration, not for zone files).

Regards,
Anand
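
An added example, not part of the original message and not BIND or AppArmor code: a small parser for kernel audit lines like the one quoted above, which reports the profile and directory where write-type access was denied. The sample input is the denial from this thread rejoined onto one line; the function names and the mask-letter table are this example's own.

```python
import re
import shlex
from collections import Counter
from datetime import datetime, timezone
from pathlib import PurePosixPath

# The denial quoted in the thread, rejoined onto one line.
SAMPLE_LOG = (
    'Jun 29 08:42:37 web kernel: [5679658.761672] audit: type=1400 '
    'audit(1688038957.685:548): apparmor="DENIED" operation="mknod" '
    'profile="named" name="/etc/bind/zonas/db.unau.edu.ar.jbk" pid=1350974 '
    'comm="isc-net-0001" requested_mask="c" denied_mask="c" fsuid=107 ouid=107\n'
)
# Meaning of the letters AppArmor logs in requested_mask / denied_mask.
MASKS = {"r": "read", "w": "write", "a": "append", "c": "create",
         "d": "delete", "x": "execute", "k": "lock", "l": "link", "m": "mmap"}
AUDIT_RE = re.compile(r"audit\((\d+)\.\d+:\d+\):\s*(.*)")

def parse_denials(text):
    """Return one dict per apparmor="DENIED" record found in text."""
    out = []
    for line in text.splitlines():
        m = AUDIT_RE.search(line)
        if not m:
            continue
        # shlex handles the quoted values (paths may contain spaces).
        fields = dict(t.split("=", 1) for t in shlex.split(m.group(2)) if "=" in t)
        if fields.get("apparmor") != "DENIED":
            continue
        path = PurePosixPath(fields.get("name", ""))
        out.append({
            "time": datetime.fromtimestamp(int(m.group(1)), tz=timezone.utc),
            "profile": fields.get("profile"),
            "operation": fields.get("operation"),
            "path": str(path),
            "directory": str(path.parent),
            "denied": [MASKS.get(c, c) for c in fields.get("denied_mask", "")],
        })
    return out

def directories_needing_write(denials):
    """Count create/write/append/delete denials per (profile, directory)."""
    wanted = {"create", "write", "append", "delete"}
    return Counter((d["profile"], d["directory"]) for d in denials
                   if wanted & set(d["denied"]))

if __name__ == "__main__":
    for (prof, directory), n in directories_needing_write(parse_denials(SAMPLE_LOG)).items():
        print(f"profile {prof}: {n} write-type denial(s) under {directory}")
```

Run over a full kernel log, the per-directory count shows at a glance whether the zone files sit somewhere the named profile allows only reads.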