[Pkg-dns-devel] Bug#884995: Bug#884995: bind9 doesn't start after upgrade. Complains /var/log/bind.log permission denied

ondrej at sury.org ondrej at sury.org
Fri Dec 22 16:36:28 UTC 2017


Control: severity -1 normal

Please also note that it doesn't break unrelated software.

Ondřej


On 22 December 2017 17.09.17 Noury <nb at dagami.org> wrote:

> Package: bind9
> Version: 1:9.11.2+dfsg-5
> Severity: critical
> Justification: breaks unrelated software
>
> Dear Maintainer,
>
> When starting bind9, I have error messages and bind doesn't start.
> Other packages are unusable because they need it (e.g. exim4, as it's my MTA).
>
> Extract from /var/log/syslog:
>
> =========== begin =================
> Dec 22 16:28:39 colibri named[26358]: none:105: 'max-cache-size 90%' - setting to 1760MB (out of 1955MB)
> Dec 22 16:28:39 colibri named[26358]: configuring command channel from '/etc/bind/rndc.key'
> Dec 22 16:28:39 colibri named[26358]: command channel listening on 127.0.0.1#953
> Dec 22 16:28:39 colibri named[26358]: configuring command channel from '/etc/bind/rndc.key'
> Dec 22 16:28:39 colibri named[26358]: command channel listening on ::1#953
> Dec 22 16:28:39 colibri named[26358]: isc_stdio_open '/var/log/bind.log' failed: permission denied
> Dec 22 16:28:39 colibri named[26358]: isc_stdio_open '/var/log/bind.log' failed: permission denied
> Dec 22 16:28:39 colibri named[26358]: configuring logging: permission denied
> Dec 22 16:28:39 colibri named[26358]: loading configuration: permission denied
> Dec 22 16:28:39 colibri named[26358]: exiting (due to fatal error)
> Dec 22 16:28:39 colibri kernel: [288377.634631] audit: type=1400 audit(1513956519.915:16): apparmor="DENIED" operation="mknod" profile="/usr/sbin/named" name="/var/log/bind.log" pid=26358 comm="isc-worker0000" requested_mask="c" denied_mask="c" fsuid=110 ouid=110
> Dec 22 16:28:39 colibri systemd[1]: bind9.service: Main process exited, code=exited, status=1/FAILURE
> Dec 22 16:28:39 colibri systemd[1]: bind9.service: Failed with result 'exit-code'.
>
> =========== end =================
>
> Some other information:
>
> ls -l /var/log/bind.log:
> -rw-rw-r-- 1 root bind 10485840 Jul 28  2016 /var/log/bind.log
>
> grep bind /etc/passwd
> bind:x:110:116::/var/cache/bind:/bin/false
>
> grep bind /etc/group
> bind:x:116:
>
> -- System Information:
> Debian Release: buster/sid
>   APT prefers testing
>   APT policy: (500, 'testing')
> Architecture: amd64 (x86_64)
>
> Kernel: Linux 4.13.0-1-amd64 (SMP w/1 CPU core)
> Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
> Shell: /bin/sh linked to /bin/dash
> Init: systemd (via /run/systemd/system)
>
> Versions of packages bind9 depends on:
> ii  adduser                3.116
> ii  bind9utils             1:9.11.2+dfsg-5
> ii  debconf [debconf-2.0]  1.5.65
> ii  libbind9-160           1:9.11.2+dfsg-5
> ii  libc6                  2.25-3
> ii  libcap2                1:2.25-1.2
> ii  libcomerr2             1.43.7-1
> ii  libdns169              1:9.11.2+dfsg-5
> ii  libgeoip1              1.6.11-3
> ii  libgssapi-krb5-2       1.15.2-2
> ii  libirs160              1:9.11.2+dfsg-5
> ii  libisc166              1:9.11.2+dfsg-5
> ii  libisccc160            1:9.11.2+dfsg-5
> ii  libisccfg160           1:9.11.2+dfsg-5
> ii  libjson-c3             0.12.1-1.2
> ii  libk5crypto3           1.15.2-2
> ii  libkrb5-3              1.15.2-2
> ii  liblwres160            1:9.11.2+dfsg-5
> ii  libssl1.1              1.1.0g-2
> ii  libxml2                2.9.4+dfsg1-5.2
> ii  lsb-base               9.20170808
> ii  net-tools              1.60+git20161116.90da8a0-1
> ii  netbase                5.4
>
> bind9 recommends no packages.
>
> Versions of packages bind9 suggests:
> pn  bind9-doc   <none>
> ii  dnsutils    1:9.11.2+dfsg-5
> pn  resolvconf  <none>
> pn  ufw         <none>
>
> -- Configuration Files:
> /etc/bind/named.conf.local changed:
> //
> // Do any local configuration here
> //
> // Consider adding the 1918 zones here, if they are not used in your
> // organization
> //include "/etc/bind/zones.rfc1918";
> zone "dagami.org"{
>         type master;
>         file "zone/dagami.org";
>         notify yes;
>         also-notify{
> 		173.244.206.26;     # a.transfer.buddyns.com
> 		217.70.177.40; # ns6.gandi.net
> 		88.198.106.11; # c.ns.buddyns.com
> 		103.6.87.125; # c.ns.buddyns.com
> 	};
>         allow-transfer {
> 		173.244.206.26;     # a.transfer.buddyns.com
> 		88.198.106.11; # c.ns.buddyns.com
>                 108.61.224.67; # buddydns
>                 103.6.87.125; # buddydns
>                 185.136.176.247; # buddydns
> 		217.70.177.40; # ns6.gandi.net
> 		103.6.87.125; # c.ns.buddyns.com
> 	};
>         allow-update {
>                 127.0.0.1;
>                 51.255.40.59;
> 	};
> journal "/var/cache/bind/zone/dagami.org.jnl";
> };
> zone "dagami.tk"{
>         type master;
>         file "zone/dagami.tk";
>         notify yes;
>         also-notify{
> 		173.244.206.26;     # a.transfer.buddyns.com
> 		88.198.106.11; # c.ns.buddyns.com
> 	};
>         allow-transfer {
> 		173.244.206.26;     # a.transfer.buddyns.com
> 		88.198.106.11; # c.ns.buddyns.com
> 	};
> };
> zone "1.168.192.IN-ADDR.ARPA"{
>         type master;
>         file "zone/192.168.1";
>         notify no;
> };
> zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.3.1.0.a.0.0.0.b.c.1.0.a.2.ip6.arpa"{
>         type master;
>         file "zone/reverse_ipv6";
>         notify no;
> };
> zone "0.0.0.0.0.0.0.0.0.0.0.0.0.9.4.0.1.0.1.0.0.c.2.5.4.0.a.2.ip6.arpa"{
>         type master;
>         file "zone/reverse_ipv6_liteserver";
>         notify no;
> };
> zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.2.2.0.3.0.0.d.1.4.1.0.0.2.ip6.arpa"{
>         type master;
>         file "zone/reverse_ipv6_colibri";
>         notify no;
> };
>
>
> -- debconf information:
>   bind9/run-resolvconf: false
>   bind9/start-as-user: bind
>   bind9/different-configuration-file:
>
> _______________________________________________
> pkg-dns-devel mailing list
> pkg-dns-devel at lists.alioth.debian.org
> https://lists.alioth.debian.org/mailman/listinfo/pkg-dns-devel
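
A triage sketch for the syslog extract quoted above, added here as an example and not part of the original thread or of the bind9 package: it parses the AppArmor audit record and pairs it with the daemon's own "permission denied" message for the same PID and path. The sample lines are taken from the report's extract with the e-mail line wraps rejoined; the function names are hypothetical.

```python
import re

# Constructed sample: three lines from the report's syslog extract,
# with the e-mail line wraps rejoined.
SAMPLE = """\
Dec 22 16:28:39 colibri named[26358]: isc_stdio_open '/var/log/bind.log' failed: permission denied
Dec 22 16:28:39 colibri kernel: [288377.634631] audit: type=1400 audit(1513956519.915:16): apparmor="DENIED" operation="mknod" profile="/usr/sbin/named" name="/var/log/bind.log" pid=26358 comm="isc-worker0000" requested_mask="c" denied_mask="c" fsuid=110 ouid=110
Dec 22 16:28:39 colibri systemd[1]: bind9.service: Main process exited, code=exited, status=1/FAILURE
"""

# AppArmor file permission letters as used in requested_mask / denied_mask.
MASK = {"r": "read", "w": "write", "a": "append", "c": "create", "d": "delete",
        "x": "execute", "m": "mmap-exec", "l": "link", "k": "lock"}

KV = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')
DAEMON = re.compile(r"\s(\w[\w.-]*)\[(\d+)\]: (.*permission denied.*)$", re.I)


def parse_denials(text):
    """Return one dict per apparmor="DENIED" audit record in the text."""
    out = []
    for line in text.splitlines():
        if 'apparmor="DENIED"' not in line:
            continue
        rec = {k: q if q else b for k, q, b in KV.findall(line)}
        rec["denied"] = [MASK.get(c, c) for c in rec.get("denied_mask", "")]
        out.append(rec)
    return out


def correlate(text):
    """Pair each daemon 'permission denied' message with the AppArmor denial
    for the same PID whose path is named in the message."""
    denials = parse_denials(text)
    hits = []
    for line in text.splitlines():
        m = DAEMON.search(line)
        if not m:
            continue
        prog, pid, msg = m.groups()
        for d in denials:
            if d.get("pid") == pid and d.get("name", "\0") in msg:
                hits.append((prog, d["name"], d["profile"], d["operation"], d["denied"]))
    return hits


if __name__ == "__main__":
    for prog, path, profile, op, denied in correlate(SAMPLE):
        print(f"{prog}: {path} blocked by profile {profile} ({op}: {', '.join(denied)})")
```

A match means the refusal was logged by the AppArmor profile named in the record, which is a different check from the file mode and ownership shown by `ls -l`.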


