Web lists-archives.com

bind gets permission errors in buster--systemd-related?

I have a new buster system with a bind setup based on (much) older*
systems, on which it worked fine.  On buster, it doesn't.
In two different places in my configuration I referred to files or
directories that were outside of bind proper, and in both cases this
failed with permission problems.
I'm pretty sure bind is running under systemd, and have seen various
references to systemd limiting access to the file system.  However, I
don't see anything that appears to be requesting such limits for
bind9, or in general.  /var is a different partition from /, and I
configured bind to run as an ordinary user.

Any ideas what's going on, or what I can do to fix it?

        // RB modified resolv.conf with custom
/etc/resolvconf/update.d/bind9 to create this file.
    //include "/run/named/named.resolvers";
    /* Error was
May 11 12:46:27 barley named[15935]: loading configuration from
May 11 12:46:27 barley named[15935]: /etc/bind/named.conf.options:18:
open: /run/named/named.resolvers: permission denied
May 11 12:46:27 barley named[15935]: loading configuration: permission denied
May 11 12:46:27 barley named[15935]: exiting (due to fatal error)

The script clearly starts as the bind user, and when I su to bind I
can cat the file.

Second,  I had a bunch of logging directives like
logging {
/*  permission problems opening the log files.  Not sure why.
  channel update_debug{
    file "/var/log/bind/dnsupdate.log";
    severity  debug 3;
    print-category yes;
    print-severity yes;
    print-time yes;
/var/log/bind is owned by bind.

For now I just commented the problems out, but I'd like it to work.
For one thing, my network configuration is not static.


*Specifically bind9 (1:9.8.4.dfsg.P1-6+nmu2+deb7u20) wheezy-security