apparmor errors when starting unbound
I recently upgraded a server that was running Ubuntu 16.04.5 LTS and unbound 1.5.8 to Ubuntu 18.04.1 LTS and unbound 1.6.7. After the upgrade I noticed that unbound was no longer logging query data to the locally-configured log file I had specified in /etc/unbound/
log-queries: yes
logfile: /var/log/
Here is what the log file looks like:
-rw-r----- 1 unbound unbound 1633855 Aug 26 07:59 unbound.log
I found this error in /var/log/syslog:
Sep 10 13:00:08 myserver kernel: [104375.096935] audit: type=1400 audit(153659880
comm="unbound" requested_mask="ac" denied_mask="ac" fsuid=122 ouid=122
So I added an entry to /etc/apparmor.
/var/log/
and the error above was resolved when I tried to restart unbound. However, two other apparmor errors appeared:
Sep 10 13:55:31 myserver kernel: [107697.184878] audit: type=1400 audit(153660021
Sep 10 13:55:31 myserver kernel: [107697.185359] audit: type=1400 audit(153660021
These were resolved by adding entries to /etc/apparmor.
capability dac_read_search,
capability dac_override,
With these profile entries in place I could start unbound with no apparmor errors.
Are these bugs or an issue with my installation? Should these capabilities need to be added to the default profile found at /etc/apparmor.
Question information
- Language:
- English Edit question
- Status:
- Expired
- For:
- Ubuntu Edit question
- Assignee:
- No assignee Edit question
- Last query:
- Last reply: