Re: bind gets permission errors in buster--systemd-related?




On 2019-05-15 09:33 -0700, Ross Boylan wrote:

> Sven, thanks for the tip about AppArmor.  Yet another presumably
> complicated system I've avoided learning about til now.  I guess it's
> time.
>
> As to why bind is trying to open /run/named/named.resolvers: that is a
> customized integration with resolvconf.  It is not the default, but it
> is something I want to work.  Or I need an alternate way to achieve
> the same functionality, which is that when resolvconf gets info on
> nameservers it passes that on to bind.

I am not really familiar with apparmor or resolvconf, but in
/etc/apparmor.d/usr.sbin.named I found the following:

,----
|   # support for resolvconf
|   /{,var/}run/named/named.options r,
`----

which suggests that the standard way would be to use
/run/named/named.options rather than /run/named/named.resolvers.
Alternatively, you may put the following line into
/etc/apparmor.d/local/usr.sbin.named:

  /{,var/}run/named/named.resolvers r,


Cheers,
       Sven
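
The check behind the suggested override, as an added example that is not part of the original message: it reads AppArmor denial lines for named, tests them against the rule quoted from the profile, and emits the line to place in /etc/apparmor.d/local/usr.sbin.named. The log lines are constructed, and the profile name `/usr/sbin/named` and the helper names are assumptions; only `{a,b}` alternation is handled, not `*` or `?` globs.

```python
import re
from itertools import product

# Rule quoted in the message from /etc/apparmor.d/usr.sbin.named.
PROFILE_RULES = ["/{,var/}run/named/named.options r,"]

# Constructed sample kernel log lines (not taken from the thread).
SAMPLE_LOG = '''\
audit: type=1400 audit(1557938000.101:45): apparmor="DENIED" operation="open" profile="/usr/sbin/named" name="/run/named/named.resolvers" pid=812 comm="named" requested_mask="r" denied_mask="r" fsuid=107 ouid=0
systemd[1]: Started BIND Domain Name Server.
'''

DENIED = re.compile(r'apparmor="DENIED".*?profile="([^"]+)".*?name="([^"]+)"'
                    r'.*?denied_mask="([^"]+)"')

def expand_braces(pattern):
    """Expand AppArmor {a,b} alternation to literal paths (globs not handled)."""
    parts = re.split(r"\{([^{}]*)\}", pattern)
    # Odd indexes hold the comma-separated alternatives of one brace group.
    choices = [p.split(",") if i % 2 else [p] for i, p in enumerate(parts)]
    return {"".join(c) for c in product(*choices)}

def allowed(path, mask, rules):
    """True if some rule covers the path with every requested permission."""
    for rule in rules:
        pattern, perms = rule.rstrip(",").rsplit(None, 1)
        if path in expand_braces(pattern) and set(mask) <= set(perms):
            return True
    return False

def suggest_local_rules(log, profile="/usr/sbin/named", rules=PROFILE_RULES):
    """Return rules for the local override file that cover logged denials."""
    out = []
    for line in log.splitlines():
        m = DENIED.search(line)
        if not m or m.group(1) != profile:
            continue
        path, mask = m.group(2), m.group(3)
        if allowed(path, mask, rules):
            continue
        # Cover /run and /var/run together, as the shipped rule does.
        run = re.match(r"/(?:var/)?run/(.*)", path)
        pattern = "/{,var/}run/" + run.group(1) if run else path
        rule = f"{pattern} {mask},"
        if rule not in out:
            out.append(rule)
    return out

if __name__ == "__main__":
    print("\n".join(suggest_local_rules(SAMPLE_LOG)))
```

After adding the line to the local file, the profile has to be reloaded (for example with `apparmor_parser -r /etc/apparmor.d/usr.sbin.named`) before named is restarted.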