
Re: bind gets permission errors in buster--systemd-related?




On 2019-05-14 21:50 -0700, Ross Boylan wrote:

> I have a new buster system with a bind setup based on (much) older*
> systems, on which it worked fine.  On buster, it doesn't.
> In two different places in my configuration I referred to files or
> directories that were outside of bind proper, and in both cases this
> failed with permission problems.
> I'm pretty sure bind is running under systemd, and have seen various
> references to systemd limiting access to the file system.  However, I
> don't see anything that appears to be requesting such limits for
> bind9, or in general.  /var is a different partition from /, and I
> configured bind to run as an ordinary user.
>
> Any ideas what's going on, or what I can do to fix it?

Most likely this has nothing to do with systemd; rather, it's AppArmor
which denies access to /run/named/named.resolvers.

>         // RB modified resolv.conf with custom
> /etc/resolvconf/update.d/bind9 to create this file.
>     //include "/run/named/named.resolvers";
>     /* Error was
> May 11 12:46:27 barley named[15935]: loading configuration from
> '/etc/bind/named.conf'
> May 11 12:46:27 barley named[15935]: /etc/bind/named.conf.options:18:
> open: /run/named/named.resolvers: permission denied

The question is why your /etc/bind/named.conf.options file tries to open
/run/named/named.resolvers.  Certainly this is not done by default, and
you probably want to fix that.

Cheers,
       Sven
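
An added example, not part of the original message: one way to confirm from the kernel log that AppArmor, not systemd, refused the open, and to derive a candidate rule to review. The log lines are constructed, and the profile name /usr/sbin/named and the Debian override file /etc/apparmor.d/local/usr.sbin.named are assumptions.

```python
import re

# Constructed sample kernel audit lines (not from the thread); the key="value"
# layout is the usual AppArmor audit format, the values are made up.
SAMPLE_LOG = """\
May 11 12:46:27 barley kernel: audit: type=1400 audit(1557578787.123:42): apparmor="DENIED" operation="open" profile="/usr/sbin/named" name="/run/named/named.resolvers" pid=15935 comm="named" requested_mask="r" denied_mask="r" fsuid=107 ouid=0
May 11 12:46:27 barley kernel: audit: type=1400 audit(1557578787.456:43): apparmor="STATUS" operation="profile_load" profile="unconfined" name="/usr/sbin/named" pid=15900 comm="apparmor_parser"
May 11 12:46:28 barley kernel: audit: type=1400 audit(1557578788.001:44): apparmor="DENIED" operation="open" profile="/usr/sbin/cupsd" name="/etc/shadow" pid=901 comm="cupsd" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
"""

FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def parse_denials(log_text, comm="named"):
    """Return the fields of each AppArmor DENIED event logged for `comm`."""
    events = []
    for line in log_text.splitlines():
        if 'apparmor="DENIED"' not in line:
            continue
        # Quoted values lose their quotes; unquoted ones (pid, hex-encoded
        # names) are kept as logged.
        fields = {k: (q if q is not None else raw) for k, q, raw in
                  (m.groups() for m in FIELD.finditer(line))}
        if fields.get("comm") == comm:
            events.append(fields)
    return events


def suggest_rules(events):
    """Map denials to candidate profile rules, e.g. '/path r,'."""
    rules = set()
    for ev in events:
        perms = []
        for ch in ev.get("denied_mask", ""):
            ch = "w" if ch in "cd" else ch  # create/delete are covered by w
            # Exec denials (x) are skipped: they need a hand-picked exec mode.
            if ch in "rwaklm" and ch not in perms:
                perms.append(ch)
        if perms and "name" in ev:
            rules.add(f'{ev["name"]} {"".join(perms)},')
    return sorted(rules)


if __name__ == "__main__":
    # On a live system, pass the text of `journalctl -k` instead of SAMPLE_LOG.
    for rule in suggest_rules(parse_denials(SAMPLE_LOG)):
        print(rule)
```

If no DENIED line for named shows up, AppArmor is not what refused the open and the cause lies elsewhere.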