Comment autoriser la liaison dans l'armure de l'application?

15

Question:

J'ai configuré bind9 comme décrit ici:
http://ubuntuforums.org/showthread.php?p=12149576#post12149576

Maintenant, j'ai un petit problème avec apparmor: si je l'éteins, cela fonctionne.
Si apparmor s'exécute, cela ne fonctionne pas et j'obtiens la sortie dmesg suivante:

[   23.809767] type=1400 audit(1344097913.519:11): apparmor="STATUS" operation="profile_replace" name="/sbin/dhclient" pid=1540 comm="apparmor_parser"
[   23.811537] type=1400 audit(1344097913.519:12): apparmor="STATUS" operation="profile_replace" name="/usr/lib/NetworkManager/nm-dhcp-client.action" pid=1540 comm="apparmor_parser"
[   23.812514] type=1400 audit(1344097913.523:13): apparmor="STATUS" operation="profile_replace" name="/usr/lib/connman/scripts/dhclient-script" pid=1540 comm="apparmor_parser"
[   23.821999] type=1400 audit(1344097913.531:14): apparmor="STATUS" operation="profile_load" name="/usr/sbin/mysqld" pid=1544 comm="apparmor_parser"
[   23.845085] type=1400 audit(1344097913.555:15): apparmor="STATUS" operation="profile_load" name="/usr/sbin/libvirtd" pid=1543 comm="apparmor_parser"
[   23.849051] type=1400 audit(1344097913.559:16): apparmor="STATUS" operation="profile_load" name="/usr/sbin/named" pid=1545 comm="apparmor_parser"
[   23.849509] type=1400 audit(1344097913.559:17): apparmor="STATUS" operation="profile_load" name="/usr/lib/libvirt/virt-aa-helper" pid=1542 comm="apparmor_parser"
[   23.851597] type=1400 audit(1344097913.559:18): apparmor="STATUS" operation="profile_load" name="/usr/sbin/tcpdump" pid=1547 comm="apparmor_parser"
[   24.415193] type=1400 audit(1344097914.123:19): apparmor="STATUS" operation="profile_replace" name="/usr/sbin/mysqld" pid=1625 comm="apparmor_parser"
[   24.738631] ip_tables: (C) 2000-2006 Netfilter Core Team
[   25.005242] nf_conntrack version 0.5.0 (16384 buckets, 65536 max)
[   25.187939] ADDRCONF(NETDEV_UP): virbr0: link is not ready
[   26.004282] Ebtables v2.0 registered
[   26.068783] ip6_tables: (C) 2000-2006 Netfilter Core Team
[   28.158848] postgres (1900): /proc/1900/oom_adj is deprecated, please use /proc/1900/oom_score_adj instead.
[   29.840079] xenbr0: no IPv6 routers present
[   31.502916] type=1400 audit(1344097919.088:20): apparmor="DENIED" operation="mknod" parent=1984 profile="/usr/sbin/named" name="/var/log/query.log" pid=1989 comm="named" requested_mask="c" denied_mask="c" fsuid=107 ouid=107
[   34.336141] xenbr0: port 1(eth0) entering forwarding state
[   38.424359] Event-channel device installed.
[   38.853077] XENBUS: Unable to read cpu state
[   38.854215] XENBUS: Unable to read cpu state
[   38.855231] XENBUS: Unable to read cpu state
[   38.858891] XENBUS: Unable to read cpu state
[   47.411497] device vif1.0 entered promiscuous mode
[   47.429245] ADDRCONF(NETDEV_UP): vif1.0: link is not ready
[   49.366219] virbr0: port 1(vif1.0) entering disabled state
[   49.366705] virbr0: port 1(vif1.0) entering disabled state
[   49.368873] virbr0: mixed no checksumming and other settings.
[   97.273028] type=1400 audit(1344097984.861:21): apparmor="DENIED" operation="mknod" parent=3076 profile="/usr/sbin/named" name="/var/log/query.log" pid=3078 comm="named" requested_mask="c" denied_mask="c" fsuid=107 ouid=107
[  277.790627] type=1400 audit(1344098165.377:22): apparmor="DENIED" operation="mknod" parent=3384 profile="/usr/sbin/named" name="/var/log/query.log" pid=3389 comm="named" requested_mask="c" denied_mask="c" fsuid=0 ouid=0
[  287.812986] type=1400 audit(1344098175.401:23): apparmor="DENIED" operation="mknod" parent=3325 profile="/usr/sbin/named" name="/root/tmp-gjnX0c0dDa" pid=3400 comm="named" requested_mask="c" denied_mask="c" fsuid=0 ouid=0
[  287.818466] type=1400 audit(1344098175.405:24): apparmor="DENIED" operation="mknod" parent=3325 profile="/usr/sbin/named" name="/root/tmp-CpOtH52qU5" pid=3400 comm="named" requested_mask="c" denied_mask="c" fsuid=0 ouid=0
[  323.166228] type=1400 audit(1344098210.753:25): apparmor="DENIED" operation="mknod" parent=3422 profile="/usr/sbin/named" name="/var/log/query.log" pid=3427 comm="named" requested_mask="c" denied_mask="c" fsuid=107 ouid=107
[  386.512586] type=1400 audit(1344098274.101:26): apparmor="DENIED" operation="mknod" parent=3456 profile="/usr/sbin/named" name="/var/log/query.log" pid=3459 comm="named" requested_mask="c" denied_mask="c" fsuid=0 ouid=0
[  808.549049] type=1400 audit(1344098696.137:27): apparmor="DENIED" operation="mknod" parent=3872 profile="/usr/sbin/named" name="/var/log/query.log" pid=3877 comm="named" requested_mask="c" denied_mask="c" fsuid=107 ouid=107
[  894.671081] type=1400 audit(1344098782.257:28): apparmor="DENIED" operation="mknod" parent=3922 profile="/usr/sbin/named" name="/var/log/query.log" pid=3927 comm="named" requested_mask="c" denied_mask="c" fsuid=107 ouid=107
[  968.514669] type=1400 audit(1344098856.101:29): apparmor="DENIED" operation="mknod" parent=3978 profile="/usr/sbin/named" name="/var/log/query.log" pid=3983 comm="named" requested_mask="c" denied_mask="c" fsuid=107 ouid=107
[ 1021.814582] type=1400 audit(1344098909.401:30): apparmor="DENIED" operation="mknod" parent=4010 profile="/usr/sbin/named" name="/var/log/query.log" pid=4012 comm="named" requested_mask="c" denied_mask="c" fsuid=107 ouid=107
[ 1063.856633] type=1400 audit(1344098951.445:31): apparmor="DENIED" operation="mknod" parent=4041 profile="/usr/sbin/named" name="/var/log/query.log" pid=4043 comm="named" requested_mask="c" denied_mask="c" fsuid=107 ouid=107
[ 1085.404001] type=1400 audit(1344098972.989:32): apparmor="DENIED" operation="mknod" parent=4072 profile="/usr/sbin/named" name="/var/log/query.log" pid=4077 comm="named" requested_mask="c" denied_mask="c" fsuid=107 ouid=107
[ 1108.207402] type=1400 audit(1344098995.793:33): apparmor="DENIED" operation="mknod" parent=4102 profile="/usr/sbin/named" name="/var/log/query.log" pid=4107 comm="named" requested_mask="c" denied_mask="c" fsuid=107 ouid=107
[ 1156.947189] type=1400 audit(1344099044.533:34): apparmor="DENIED" operation="mknod" parent=4134 profile="/usr/sbin/named" name="/var/log/query.log" pid=4136 comm="named" requested_mask="c" denied_mask="c" fsuid=107 ouid=107
[ 1166.768005] type=1400 audit(1344099054.353:35): apparmor="DENIED" operation="mknod" parent=4150 profile="/usr/sbin/named" name="/var/log/query.log" pid=4155 comm="named" requested_mask="c" denied_mask="c" fsuid=107 ouid=107
[ 1168.873385] type=1400 audit(1344099056.461:36): apparmor="DENIED" operation="mknod" parent=4162 profile="/usr/sbin/named" name="/var/log/query.log" pid=4167 comm="named" requested_mask="c" denied_mask="c" fsuid=107 ouid=107
[ 1181.558946] type=1400 audit(1344099069.145:37): apparmor="DENIED" operation="mknod" parent=4177 profile="/usr/sbin/named" name="/var/log/query.log" pid=4182 comm="named" requested_mask="c" denied_mask="c" fsuid=0 ouid=0
[ 1199.349265] type=1400 audit(1344099086.937:38): apparmor="DENIED" operation="mknod" parent=4191 profile="/usr/sbin/named" name="/var/log/query.log" pid=4196 comm="named" requested_mask="c" denied_mask="c" fsuid=0 ouid=0
[ 1296.805604] type=1400 audit(1344099184.393:39): apparmor="DENIED" operation="mknod" parent=4232 profile="/usr/sbin/named" name="/var/log/query.log" pid=4237 comm="named" requested_mask="c" denied_mask="c" fsuid=107 ouid=107
[ 1317.730568] type=1400 audit(1344099205.317:40): apparmor="DENIED" operation="mknod" parent=3325 profile="/usr/sbin/named" name="/tmp-nuBes0IXwi" pid=4251 comm="named" requested_mask="c" denied_mask="c" fsuid=107 ouid=107
[ 1317.730744] type=1400 audit(1344099205.317:41): apparmor="DENIED" operation="mknod" parent=3325 profile="/usr/sbin/named" name="/tmp-ZDJA06ZOkU" pid=4252 comm="named" requested_mask="c" denied_mask="c" fsuid=107 ouid=107
[ 1365.072687] type=1400 audit(1344099252.661:42): apparmor="DENIED" operation="mknod" parent=3325 profile="/usr/sbin/named" name="/tmp-EnsuYUrGOC" pid=4290 comm="named" requested_mask="c" denied_mask="c" fsuid=107 ouid=107
[ 1365.074520] type=1400 audit(1344099252.661:43): apparmor="DENIED" operation="mknod" parent=3325 profile="/usr/sbin/named" name="/tmp-LVCnpWOStP" pid=4287 comm="named" requested_mask="c" denied_mask="c" fsuid=107 ouid=107
[ 1380.336984] type=1400 audit(1344099267.925:44): apparmor="DENIED" operation="mknod" parent=4617 profile="/usr/sbin/named" name="/var/log/query.log" pid=4622 comm="named" requested_mask="c" denied_mask="c" fsuid=107 ouid=107
[ 1437.924534] type=1400 audit(1344099325.513:45): apparmor="DENIED" operation="mknod" parent=3325 profile="/usr/sbin/named" name="/tmp-Uyf1dHIZUU" pid=4648 comm="named" requested_mask="c" denied_mask="c" fsuid=107 ouid=107
[ 1437.924626] type=1400 audit(1344099325.513:46): apparmor="DENIED" operation="mknod" parent=3325 profile="/usr/sbin/named" name="/tmp-OABXWclII3" pid=4647 comm="named" requested_mask="c" denied_mask="c" fsuid=107 ouid=107
[ 1526.334959] type=1400 audit(1344099413.921:47): apparmor="DENIED" operation="mknod" parent=4749 profile="/usr/sbin/named" name="/var/log/query.log" pid=4754 comm="named" requested_mask="c" denied_mask="c" fsuid=0 ouid=0
[ 1601.292548] type=1400 audit(1344099488.881:48): apparmor="DENIED" operation="mknod" parent=4835 profile="/usr/sbin/named" name="/var/log/query.log" pid=4840 comm="named" requested_mask="c" denied_mask="c" fsuid=0 ouid=0
[ 1639.543733] type=1400 audit(1344099527.129:49): apparmor="DENIED" operation="mknod" parent=4905 profile="/usr/sbin/named" name="/var/log/query.log" pid=4907 comm="named" requested_mask="c" denied_mask="c" fsuid=107 ouid=107
[ 1916.381179] type=1400 audit(1344099803.969:50): apparmor="DENIED" operation="mknod" parent=4959 profile="/usr/sbin/named" name="/var/log/query.log" pid=4961 comm="named" requested_mask="c" denied_mask="c" fsuid=107 ouid=107
[ 1940.816898] type=1400 audit(1344099828.405:51): apparmor="DENIED" operation="mknod" parent=4991 profile="/usr/sbin/named" name="/var/log/query.log" pid=4996 comm="named" requested_mask="c" denied_mask="c" fsuid=107 ouid=107
[ 2043.010898] type=1400 audit(1344099930.597:52): apparmor="DENIED" operation="mknod" parent=5048 profile="/usr/sbin/named" name="/var/log/query.log" pid=5053 comm="named" requested_mask="c" denied_mask="c" fsuid=107 ouid=107
[ 2084.956230] type=1400 audit(1344099972.545:53): apparmor="DENIED" operation="mknod" parent=3325 profile="/usr/sbin/named" name="/var/log/tmp-XYgr33RqUt" pid=5069 comm="named" requested_mask="c" denied_mask="c" fsuid=0 ouid=0
[ 2084.959120] type=1400 audit(1344099972.545:54): apparmor="DENIED" operation="mknod" parent=3325 profile="/usr/sbin/named" name="/var/log/tmp-vO24RHwL14" pid=5066 comm="named" requested_mask="c" denied_mask="c" fsuid=0 ouid=0
[ 2088.169500] type=1400 audit(1344099975.757:55): apparmor="DENIED" operation="mknod" parent=5076 profile="/usr/sbin/named" name="/var/log/query.log" pid=5078 comm="named" requested_mask="c" denied_mask="c" fsuid=0 ouid=0
[ 2165.625096] type=1400 audit(1344100053.213:56): apparmor="STATUS" operation="profile_remove" name="/sbin/dhclient" pid=5124 comm="apparmor"
[ 2165.625401] type=1400 audit(1344100053.213:57): apparmor="STATUS" operation="profile_remove" name="/usr/lib/NetworkManager/nm-dhcp-client.action" pid=5124 comm="apparmor"
[ 2165.625608] type=1400 audit(1344100053.213:58): apparmor="STATUS" operation="profile_remove" name="/usr/lib/connman/scripts/dhclient-script" pid=5124 comm="apparmor"
[ 2165.625782] type=1400 audit(1344100053.213:59): apparmor="STATUS" operation="profile_remove" name="/usr/lib/libvirt/virt-aa-helper" pid=5124 comm="apparmor"
[ 2165.625931] type=1400 audit(1344100053.213:60): apparmor="STATUS" operation="profile_remove" name="/usr/sbin/libvirtd" pid=5124 comm="apparmor"
[ 2165.626057] type=1400 audit(1344100053.213:61): apparmor="STATUS" operation="profile_remove" name="/usr/sbin/mysqld" pid=5124 comm="apparmor"
[ 2165.626181] type=1400 audit(1344100053.213:62): apparmor="STATUS" operation="profile_remove" name="/usr/sbin/named" pid=5124 comm="apparmor"
[ 2165.626319] type=1400 audit(1344100053.213:63): apparmor="STATUS" operation="profile_remove" name="/usr/sbin/tcpdump" pid=5124 comm="apparmor"
[ 3709.583927] type=1400 audit(1344101597.169:64): apparmor="STATUS" operation="profile_load" name="/usr/sbin/libvirtd" pid=7484 comm="apparmor_parser"
[ 3709.839895] type=1400 audit(1344101597.425:65): apparmor="STATUS" operation="profile_load" name="/usr/sbin/mysqld" pid=7485 comm="apparmor_parser"
[ 3710.008892] type=1400 audit(1344101597.597:66): apparmor="STATUS" operation="profile_load" name="/usr/lib/libvirt/virt-aa-helper" pid=7483 comm="apparmor_parser"
[ 3710.545232] type=1400 audit(1344101598.133:67): apparmor="STATUS" operation="profile_load" name="/usr/sbin/named" pid=7486 comm="apparmor_parser"
[ 3710.655600] type=1400 audit(1344101598.241:68): apparmor="STATUS" operation="profile_load" name="/sbin/dhclient" pid=7481 comm="apparmor_parser"
[ 3710.656013] type=1400 audit(1344101598.241:69): apparmor="STATUS" operation="profile_load" name="/usr/lib/NetworkManager/nm-dhcp-client.action" pid=7481 comm="apparmor_parser"
[ 3710.656786] type=1400 audit(1344101598.245:70): apparmor="STATUS" operation="profile_load" name="/usr/lib/connman/scripts/dhclient-script" pid=7481 comm="apparmor_parser"
[ 3710.832624] type=1400 audit(1344101598.421:71): apparmor="STATUS" operation="profile_load" name="/usr/sbin/tcpdump" pid=7488 comm="apparmor_parser"
[ 3717.573123] type=1400 audit(1344101605.161:72): apparmor="DENIED" operation="open" parent=7505 profile="/usr/sbin/named" name="/var/log/query.log" pid=7510 comm="named" requested_mask="ac" denied_mask="ac" fsuid=107 ouid=0
[ 3743.667808] type=1400 audit(1344101631.253:73): apparmor="STATUS" operation="profile_remove" name="/sbin/dhclient" pid=7552 comm="apparmor"
[ 3743.668338] type=1400 audit(1344101631.257:74): apparmor="STATUS" operation="profile_remove" name="/usr/lib/NetworkManager/nm-dhcp-client.action" pid=7552 comm="apparmor"
[ 3743.668625] type=1400 audit(1344101631.257:75): apparmor="STATUS" operation="profile_remove" name="/usr/lib/connman/scripts/dhclient-script" pid=7552 comm="apparmor"
[ 3743.668834] type=1400 audit(1344101631.257:76): apparmor="STATUS" operation="profile_remove" name="/usr/lib/libvirt/virt-aa-helper" pid=7552 comm="apparmor"
[ 3743.668991] type=1400 audit(1344101631.257:77): apparmor="STATUS" operation="profile_remove" name="/usr/sbin/libvirtd" pid=7552 comm="apparmor"
[ 3743.669127] type=1400 audit(1344101631.257:78): apparmor="STATUS" operation="profile_remove" name="/usr/sbin/mysqld" pid=7552 comm="apparmor"
[ 3743.669282] type=1400 audit(1344101631.257:79): apparmor="STATUS" operation="profile_remove" name="/usr/sbin/named" pid=7552 comm="apparmor"
[ 3743.669520] type=1400 audit(1344101631.257:80): apparmor="STATUS" operation="profile_remove" name="/usr/sbin/tcpdump" pid=7552 comm="apparmor"
[ 3873.572336] type=1400 audit(1344101761.161:81): apparmor="STATUS" operation="profile_load" name="/usr/sbin/libvirtd" pid=7722 comm="apparmor_parser"
[ 3873.826209] type=1400 audit(1344101761.413:82): apparmor="STATUS" operation="profile_load" name="/usr/sbin/mysqld" pid=7723 comm="apparmor_parser"
[ 3873.988181] type=1400 audit(1344101761.577:83): apparmor="STATUS" operation="profile_load" name="/usr/lib/libvirt/virt-aa-helper" pid=7721 comm="apparmor_parser"
[ 3874.520305] type=1400 audit(1344101762.109:84): apparmor="STATUS" operation="profile_load" name="/sbin/dhclient" pid=7719 comm="apparmor_parser"
[ 3874.520736] type=1400 audit(1344101762.109:85): apparmor="STATUS" operation="profile_load" name="/usr/lib/NetworkManager/nm-dhcp-client.action" pid=7719 comm="apparmor_parser"
[ 3874.521000] type=1400 audit(1344101762.109:86): apparmor="STATUS" operation="profile_load" name="/usr/lib/connman/scripts/dhclient-script" pid=7719 comm="apparmor_parser"
[ 3874.528878] type=1400 audit(1344101762.117:87): apparmor="STATUS" operation="profile_load" name="/usr/sbin/named" pid=7724 comm="apparmor_parser"
[ 3874.930712] type=1400 audit(1344101762.517:88): apparmor="STATUS" operation="profile_load" name="/usr/sbin/tcpdump" pid=7726 comm="apparmor_parser"
[ 3971.744599] type=1400 audit(1344101859.333:89): apparmor="STATUS" operation="profile_replace" name="/usr/sbin/libvirtd" pid=7899 comm="apparmor_parser"
[ 3972.009857] type=1400 audit(1344101859.597:90): apparmor="STATUS" operation="profile_replace" name="/usr/sbin/mysqld" pid=7900 comm="apparmor_parser"
[ 3972.165297] type=1400 audit(1344101859.753:91): apparmor="STATUS" operation="profile_replace" name="/usr/lib/libvirt/virt-aa-helper" pid=7898 comm="apparmor_parser"
[ 3972.587766] type=1400 audit(1344101860.173:92): apparmor="STATUS" operation="profile_replace" name="/usr/sbin/named" pid=7901 comm="apparmor_parser"
[ 3972.847189] type=1400 audit(1344101860.433:93): apparmor="STATUS" operation="profile_replace" name="/sbin/dhclient" pid=7896 comm="apparmor_parser"
[ 3972.847705] type=1400 audit(1344101860.433:94): apparmor="STATUS" operation="profile_replace" name="/usr/lib/NetworkManager/nm-dhcp-client.action" pid=7896 comm="apparmor_parser"
[ 3972.848150] type=1400 audit(1344101860.433:95): apparmor="STATUS" operation="profile_replace" name="/usr/lib/connman/scripts/dhclient-script" pid=7896 comm="apparmor_parser"
[ 3973.147889] type=1400 audit(1344101860.733:96): apparmor="STATUS" operation="profile_replace" name="/usr/sbin/tcpdump" pid=7903 comm="apparmor_parser"
[ 3988.863999] type=1400 audit(1344101876.449:97): apparmor="DENIED" operation="open" parent=7939 profile="/usr/sbin/named" name="/var/log/query.log" pid=7944 comm="named" requested_mask="ac" denied_mask="ac" fsuid=107 ouid=0
[ 4025.826132] type=1400 audit(1344101913.413:98): apparmor="STATUS" operation="profile_remove" name="/sbin/dhclient" pid=7975 comm="apparmor"
[ 4025.826627] type=1400 audit(1344101913.413:99): apparmor="STATUS" operation="profile_remove" name="/usr/lib/NetworkManager/nm-dhcp-client.action" pid=7975 comm="apparmor"
[ 4025.826861] type=1400 audit(1344101913.413:100): apparmor="STATUS" operation="profile_remove" name="/usr/lib/connman/scripts/dhclient-script" pid=7975 comm="apparmor"
[ 4025.827059] type=1400 audit(1344101913.413:101): apparmor="STATUS" operation="profile_remove" name="/usr/lib/libvirt/virt-aa-helper" pid=7975 comm="apparmor"
[ 4025.827214] type=1400 audit(1344101913.413:102): apparmor="STATUS" operation="profile_remove" name="/usr/sbin/libvirtd" pid=7975 comm="apparmor"
[ 4025.827352] type=1400 audit(1344101913.413:103): apparmor="STATUS" operation="profile_remove" name="/usr/sbin/mysqld" pid=7975 comm="apparmor"
[ 4025.827485] type=1400 audit(1344101913.413:104): apparmor="STATUS" operation="profile_remove" name="/usr/sbin/named" pid=7975 comm="apparmor"
[ 4025.827624] type=1400 audit(1344101913.413:105): apparmor="STATUS" operation="profile_remove" name="/usr/sbin/tcpdump" pid=7975 comm="apparmor"
[ 4027.862198] type=1400 audit(1344101915.449:106): apparmor="STATUS" operation="profile_load" name="/usr/sbin/libvirtd" pid=8090 comm="apparmor_parser"
[ 4039.500920] audit_printk_skb: 21 callbacks suppressed
[ 4039.500932] type=1400 audit(1344101927.089:114): apparmor="STATUS" operation="profile_remove" name="/sbin/dhclient" pid=8114 comm="apparmor"
[ 4039.501413] type=1400 audit(1344101927.089:115): apparmor="STATUS" operation="profile_remove" name="/usr/lib/NetworkManager/nm-dhcp-client.action" pid=8114 comm="apparmor"
[ 4039.501672] type=1400 audit(1344101927.089:116): apparmor="STATUS" operation="profile_remove" name="/usr/lib/connman/scripts/dhclient-script" pid=8114 comm="apparmor"
[ 4039.501861] type=1400 audit(1344101927.089:117): apparmor="STATUS" operation="profile_remove" name="/usr/lib/libvirt/virt-aa-helper" pid=8114 comm="apparmor"
[ 4039.502033] type=1400 audit(1344101927.089:118): apparmor="STATUS" operation="profile_remove" name="/usr/sbin/libvirtd" pid=8114 comm="apparmor"
[ 4039.502170] type=1400 audit(1344101927.089:119): apparmor="STATUS" operation="profile_remove" name="/usr/sbin/mysqld" pid=8114 comm="apparmor"
[ 4039.502305] type=1400 audit(1344101927.089:120): apparmor="STATUS" operation="profile_remove" name="/usr/sbin/named" pid=8114 comm="apparmor"
[ 4039.502442] type=1400 audit(1344101927.089:121): apparmor="STATUS" operation="profile_remove" name="/usr/sbin/tcpdump" pid=8114 comm="apparmor"
[ 4041.425405] type=1400 audit(1344101929.013:122): apparmor="STATUS" operation="profile_load" name="/usr/lib/libvirt/virt-aa-helper" pid=8240 comm="apparmor_parser"
[ 4041.425952] type=1400 audit(1344101929.013:123): apparmor="STATUS" operation="profile_load" name="/sbin/dhclient" pid=8238 comm="apparmor_parser"
[ 4058.910390] audit_printk_skb: 18 callbacks suppressed
[ 4058.910401] type=1400 audit(1344101946.497:130): apparmor="STATUS" operation="profile_remove" name="/sbin/dhclient" pid=8264 comm="apparmor"
[ 4058.910757] type=1400 audit(1344101946.497:131): apparmor="STATUS" operation="profile_remove" name="/usr/lib/NetworkManager/nm-dhcp-client.action" pid=8264 comm="apparmor"
[ 4058.910969] type=1400 audit(1344101946.497:132): apparmor="STATUS" operation="profile_remove" name="/usr/lib/connman/scripts/dhclient-script" pid=8264 comm="apparmor"
[ 4058.911185] type=1400 audit(1344101946.497:133): apparmor="STATUS" operation="profile_remove" name="/usr/lib/libvirt/virt-aa-helper" pid=8264 comm="apparmor"
[ 4058.911335] type=1400 audit(1344101946.497:134): apparmor="STATUS" operation="profile_remove" name="/usr/sbin/libvirtd" pid=8264 comm="apparmor"
[ 4058.911595] type=1400 audit(1344101946.497:135): apparmor="STATUS" operation="profile_remove" name="/usr/sbin/mysqld" pid=8264 comm="apparmor"
[ 4058.911856] type=1400 audit(1344101946.497:136): apparmor="STATUS" operation="profile_remove" name="/usr/sbin/named" pid=8264 comm="apparmor"
[ 4058.912001] type=1400 audit(1344101946.497:137): apparmor="STATUS" operation="profile_remove" name="/usr/sbin/tcpdump" pid=8264 comm="apparmor"
[ 4060.266700] type=1400 audit(1344101947.853:138): apparmor="STATUS" operation="profile_load" name="/sbin/dhclient" pid=8391 comm="apparmor_parser"
[ 4060.268356] type=1400 audit(1344101947.857:139): apparmor="STATUS" operation="profile_load" name="/usr/lib/NetworkManager/nm-dhcp-client.action" pid=8391 comm="apparmor_parser"
[ 5909.432749] audit_printk_skb: 18 callbacks suppressed
[ 5909.432759] type=1400 audit(1344103797.021:146): apparmor="DENIED" operation="open" parent=8800 profile="/usr/sbin/named" name="/var/log/query.log" pid=8805 comm="named" requested_mask="ac" denied_mask="ac" fsuid=107 ouid=0
root@zotac:~# 

Que puis-je faire pour que cela fonctionne toujours et que je n'ai pas à désactiver l'apparmeur?

La sorcellerie
la source

Réponses:

24
[ 5909.432759] type=1400 audit(1344103797.021:146): apparmor="DENIED" operation="open" parent=8800 profile="/usr/sbin/named" name="/var/log/query.log" pid=8805 comm="named" requested_mask="ac" denied_mask="ac" fsuid=107 ouid=0

En effet, named n'est pas autorisé à écrire dans le fichier /var/log/query.log. Pour résoudre ce problème, ouvrez l'inclusion locale pour le profil d'apparmeur de named ( /etc/apparmor.d/local/usr.sbin.named), ajoutez cette ligne:

/var/log/query.log rw,

Exécutez ensuite

sudo apparmor_parser -r /etc/apparmor.d/usr.sbin.named

pour recharger le profil.

Diego
la source
Quelqu'un (journal de vérification) a été modifié pour pointer vers "/etc/apparmor.d/local" après l'acceptation de la réponse. Mais "local" ne fonctionne pas car l'apparmeur ne considère pas le profil modifié ("identique au profil actuel, en sautant")
Jürgen A. Erhard
J'ai maintenant mis les deux lignes de configuration dans /etc/apparmor.d/usr.sbin.named et rechargé a fonctionné.
Jürgen A. Erhard
Comme l'a commenté Jürgen A. Erhard, cette ligne: (/etc/apparmor.d/local/usr.sbin.named), ne devrait pas l'avoir "/ local". Un modérateur peut-il le corriger s'il vous plaît. Merci.
Jags
0
  1. Ajoutez une ligne dans le fichier: /etc/apparmor.d/local/usr.sbin.named

    / var / lib / named / ** rw,

  2. Courir

    sudo apparmor_parser -r /etc/apparmor.d/usr.sbin.named

  3. Courir

    sudo systemctl start bind9.service

Piotr Sociński
la source