Applicable to:
- Plesk for Linux
Symptoms
- Unable to start bind9
- Errors like the following in the system log /var/log/syslog:

    named[8362]: loading configuration from '/etc/named.conf'
    named[8362]: open: /etc/named.conf: permission denied
    named[8362]: loading configuration: permission denied
    named[8362]: exiting (due to fatal error)
    kernel: [34074.383056] type=1400 audit(1494212104.678:254): apparmor="DENIED" operation="open" profile="/usr/sbin/named" name="/var/named/run-root/etc/named.conf" pid=8363 comm="named" requested_mask="r" denied_mask="r" fsuid=107 ouid=0
Cause
AppArmor prevents bind9/named from reading the DNS server configuration files.
Resolution
- Connect to the server via SSH
- Open the /etc/apparmor.d/local/usr.sbin.named file in any text editor
- Add the following into the /etc/apparmor.d/local/usr.sbin.named file:

    /var/named/run-root/** rwm,

- Ensure that the include <local/usr.sbin.named> directive is not commented out with # in /etc/apparmor.d/usr.sbin.named:

    # tail -3 /etc/apparmor.d/usr.sbin.named
    # Site-specific additions and overrides. See local/README for details.
    include <local/usr.sbin.named>
    }

- Reload AppArmor:

    # systemctl reload apparmor

- Start bind9 service:

    # systemctl restart bind9
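
To confirm that the override covers what the log shows being denied, the following added example (not part of the original article or of Plesk) extracts AppArmor denials from log text and checks each one against an override file. The function names are hypothetical, and only rules of the `<dir>/** <perms>,` form used above are understood.

```shell
#!/bin/sh
# Added example (not Plesk's code): check AppArmor denials against an override file.

# Print "profile path requested_mask" for every AppArmor denial read on stdin.
apparmor_denials() {
    sed -n 's/.*apparmor="DENIED".* profile="\([^"]*\)".* name="\([^"]*\)".* requested_mask="\([^"]*\)".*/\1 \2 \3/p'
}

# rule_covers FILE PATH MASK: succeed if FILE holds a "<dir>/** <perms>," rule
# whose <dir>/ is a prefix of PATH and whose perms contain every letter of MASK.
# Assumption: only this "/**" rule form is parsed; other globs are skipped.
rule_covers() {
    while read -r glob perms || [ -n "$glob" ]; do
        case $glob in
            /*'/**') prefix=${glob%'**'} ;;   # keeps the trailing slash
            *) continue ;;                     # comments, blanks, other rules
        esac
        case $2 in "$prefix"*) ;; *) continue ;; esac
        rest=$3 ok=1
        while [ -n "$rest" ]; do               # walk the mask letter by letter
            letter=${rest%"${rest#?}"}
            rest=${rest#?}
            case ${perms%,} in *"$letter"*) ;; *) ok=0 ;; esac
        done
        [ "$ok" -eq 1 ] && return 0
    done < "$1"
    return 1
}

# uncovered_denials FILE: read a log on stdin, print the denials FILE does not cover.
uncovered_denials() {
    apparmor_denials | while read -r profile path mask; do
        rule_covers "$1" "$path" "$mask" || printf '%s %s %s\n' "$profile" "$path" "$mask"
    done
}

# Demo: the denial quoted under Symptoms, against a temporary override file.
sample_log='kernel: [34074.383056] type=1400 audit(1494212104.678:254): apparmor="DENIED" operation="open" profile="/usr/sbin/named" name="/var/named/run-root/etc/named.conf" pid=8363 comm="named" requested_mask="r" denied_mask="r" fsuid=107 ouid=0'
override=$(mktemp)
printf '%s\n' '/var/named/run-root/** rwm,' > "$override"
printf '%s\n' "$sample_log" | uncovered_denials "$override"   # no output: covered
rm -f "$override"
```

On a live server, feed it the real log and override file, for example `grep named /var/log/syslog | uncovered_denials /etc/apparmor.d/local/usr.sbin.named`; any line printed is a denial the override still does not allow.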
Comments
1 comment
The better solution is