AppArmor, DHCP, Bind9 issue [SOLVED]

Olivier oza.4h07 at gmail.com
Thu Oct 1 15:27:02 UTC 2020


Hello,

Thank you all for replying!

Thanks to your suggestions, creating an /etc/bind/subdir directory, and
tweaking /etc/apparmor.d/usr.sbin.named allowed me to let ISC DHCP update
Bind9 entries.

1. I'm hesitant to file a bug on Debian about this. As this involves both
Bind9 and AppArmor, would you say it deserves to be implemented and
documented in the default Bind9 installation, or that it is too specific for
this?

2. If it deserves to be implemented, how would you name this
/etc/bind/subdir directory?
I personally used "/etc/bind/ddns-zones" but surely there exist
alternatives that better describe the purpose of this directory (hosting
config that bind9 needs to rewrite) such as:
writable_conf
rw_conf
rwconf

Detailed steps I followed on Debian Buster to work around the issue were:

mkdir /etc/bind/ddns-zones
chown root:bind /etc/bind/ddns-zones
# I don't know if plain 775 better fits. Comments welcome
chmod 2775 /etc/bind/ddns-zones

Adding into /etc/apparmor.d/usr.sbin.named, a line:
/etc/bind/ddns-zones/** rw,

before line
/etc/bind/** r,

Best regards
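
A check for the workaround described in the message above, added here as an example and not part of the original post: it verifies the directory's group, setgid and write bits, and that the AppArmor profile carries the rw rule. The function name check_ddns_dir and its arguments are assumptions, and stat -c is the GNU coreutils form.

```shell
#!/bin/sh
# Added example: audit the writable-zone directory setup described above.
# check_ddns_dir and its arguments are hypothetical names, not from the post.
# Usage: check_ddns_dir DIR PROFILE [GROUP]   (GROUP defaults to "bind")
#   e.g. check_ddns_dir /etc/bind/ddns-zones /etc/apparmor.d/usr.sbin.named
check_ddns_dir() {
    dir=$1; profile=$2; group=${3:-bind}; rc=0

    [ -d "$dir" ] || { echo "FAIL: $dir is not a directory" >&2; return 1; }
    [ -r "$profile" ] || { echo "FAIL: cannot read $profile" >&2; return 1; }

    # GNU stat: %a = octal mode (e.g. 2775), %G = group name
    mode=$(stat -c '%a' "$dir")
    dgroup=$(stat -c '%G' "$dir")

    [ "$dgroup" = "$group" ] ||
        { echo "FAIL: group is $dgroup, expected $group" >&2; rc=1; }
    # setgid (02000): files created in the directory inherit its group
    [ $(( 0$mode & 02000 )) -ne 0 ] ||
        { echo "FAIL: setgid bit not set (mode $mode)" >&2; rc=1; }
    [ $(( 0$mode & 00020 )) -ne 0 ] ||
        { echo "FAIL: not group-writable (mode $mode)" >&2; rc=1; }
    [ $(( 0$mode & 00002 )) -eq 0 ] ||
        { echo "FAIL: world-writable (mode $mode)" >&2; rc=1; }

    # Drop comments, trim and squeeze whitespace, then look for the exact rule.
    sed -e 's/#.*//' -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' \
        -e 's/[[:space:]][[:space:]]*/ /g' "$profile" |
        grep -Fxq -- "$dir/** rw," ||
        { echo "FAIL: no '$dir/** rw,' rule in $profile" >&2; rc=1; }

    return $rc
}
```

After editing the profile, it still has to be reloaded (for example with apparmor_parser -r /etc/apparmor.d/usr.sbin.named) before named sees the new rule.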