Jun 25 15:25:19 nyhdns01 kernel: [ 1249.991165] type=1400 audit(1340652319.705:7): apparmor="DENIED" operation="mknod" parent=1 profile="/usr/sbin/named" name="/etc/bind/zones/tmp-aSrmPQ6y4K" pid=1776 comm="named" requested_mask="c" denied_mask="c" fsuid=106 ouid=106
The AppArmor profile for bind prevents writing under /etc/bind, however, my standard is to store all the zones under /etc/bind/zones. Editing /etc/apparmor.d/usr.sbin.named to add
/etc/bind/zones/**,
solved the issue.
This comment has been removed by the author.
ReplyDeletecorrect line is:
ReplyDelete/etc/bind/zones/** rw,