Ubuntu
bind9 package

[xenial] @{PROC}/sys/net/ipv4/ip_local_port_range denial

Bug #1552441 reported by Jamie Strandboge
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
bind9 (Ubuntu)
Fix Released
High
Unassigned
Ubuntu ubuntu-16.04

Bug Description

[ 1630.599818] audit: type=1400 audit(1456762040.165:24): apparmor="DENIED" operation="open" profile="/usr/sbin/named" name="/proc/sys/net/ipv4/ip_local_port_range" pid=33948 comm="named" requested_mask="r" denied_mask="r" fsuid=113 ouid=0

Fix is:
@{PROC}/sys/net/ipv4/ip_local_port_range r,

Tags: patch apparmor
Revision history for this message
Jamie Strandboge (jdstrand) wrote :
tags: added: apparmor
Changed in bind9 (Ubuntu):
status: New → Triaged
Revision history for this message
LaMont Jones (lamont) wrote :

Fixed in 1:9.10.3.dfsg.P2-5

Changed in bind9 (Ubuntu):
status: Triaged → Fix Committed
Ubuntu Foundations Team Bug Bot (crichton)
tags: added: patch
Robie Basak (racb)
Changed in bind9 (Ubuntu):
milestone: none → ubuntu-16.04
importance: Undecided → High
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package bind9 - 1:9.10.3.dfsg.P2-5

---------------
bind9 (1:9.10.3.dfsg.P2-5) experimental; urgency=medium

  [Timo Aaltonen]

  * Sync 30_dynamic_db.diff from Fedora.
  * rules: Backup some files which dh_autoreconf_clean would remove, restore
    on clean.

  [Jamie Strandboge]

  * apparmor: use @{PROC} instead of /proc, allow read on
    sys.net.ipv4.ip_local_port_range. LP: #1552441

  [LaMont Jones]

  * Return nanosecond-precise time for files, so that we more-correctly know
    when we can skip loading a zonefile. (Bug introduced 9.9.3b2)

 -- LaMont Jones <email address hidden> Thu, 03 Mar 2016 18:17:06 -0700

Changed in bind9 (Ubuntu):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.