#11
12-Mar-2008, 08:38 AM
Bob Piskac
NNTP User
Posts: n/a
Re: set file modification time

I feel this is a bug in AppArmor. I have turned it off and will keep it off.
Since Novell fired the developers, there is no need for me to run this
software.

<ab@novell.com> wrote in message
news:pIHBj.612$9J3.346@kovat.provo.novell.com...
>
> I don't see the capability option no matter where I look so I'm
> surprised, with write rights, that you are having a problem related to
> AppArmor. Does your DNS server not work in this scenario or is it just
> the presence of these errors/warnings that you are concerned about? I
> may need to figure out how to use named properly to do some debugging of
> my own it appears.
>
> Good luck.
>
>
>
>
>
> Bob Piskac wrote:
> | Is it true that the apparmor developers were laid off last year?
> |
> | "Bob Piskac" <bob@pbsoftware.com> wrote in message
> | news:CkuBj.238$9J3.95@kovat.provo.novell.com...
> |> I found the documentation, but no mention of the capability options.
> |> I am guessing I need to add a capability. Where do I find the docs
> |> for this?
> |>
> |> http://www.novell.com/documentation/apparmor/
> |>
> |> "Bob Piskac" <bob@pbsoftware.com> wrote in message
> |> news:mblBj.123$9J3.100@kovat.provo.novell.com...
> |>> It is chrooted in... /var/lib/named
> |>>
> |>> <ab@novell.com> wrote in message
> |>> news:vgjBj.91$9J3.31@kovat.provo.novell.com...
> | And where is the file? I assume it's in /var somewhere and would assume
> | /var/named but want to be sure.
> |
> | Good luck.
> |
> |
> |
> |
> |
> | Bob Piskac wrote:
> | | # $Id: usr.sbin.named 307 2007-01-19 12:05:05Z seth_arnold $
> | | #
> | | # ------------------------------------------------------------------
> | | #
> | | # Copyright (C) 2002-2005 Novell/SUSE
> | | #
> | | # This program is free software; you can redistribute it and/or
> | | # modify it under the terms of version 2 of the GNU General Public
> | | # License published by the Free Software Foundation.
> | | #
> | | # ------------------------------------------------------------------
> | | # vim:syntax=apparmor
> | | # Last Modified: Wed Aug 17 14:09:24 2005
> | |
> | | #include <tunables/global>
> | |
> | | /usr/sbin/named {
> | |   #include <abstractions/base>
> | |   #include <abstractions/nameservice>
> | |   #include <abstractions/xad>
> | |
> | |   capability net_bind_service,
> | |   capability setgid,
> | |   capability setuid,
> | |   capability sys_chroot,
> | |
> | |   /** r,
> | |   /dyn/** rwl,
> | |   /usr/bin/dnskeygen mix,
> | |   /usr/bin/dnsquery mix,
> | |   /usr/sbin/named rmix,
> | |   /usr/sbin/named-xfer mix,
> | |   /var/lib/named/** rwl,
> | |   /var/log/** rwl,
> | |   /var/named/** rwl,
> | |   /var/run/named.pid wl,
> | |   /var/run/named/named.pid wl,
> | |   /var/run/ndc wl,
> | |   /slave/* rw,
> | |
> | |   /var/opt/novell/xad/ds/krb5kdc/krb5.keytab r,
> | |   /var/tmp/DNS_* rw,
> | |   /tmp/DNS_* rw,
> | | }
> | |
> | | <ab@novell.com> wrote in message
> | | news:zndBj.9018$Ec7.2939@kovat.provo.novell.com...
> | | Lacking a 'named' service of my own this may be tricky. Can you post
> | | your relevant usr.sbin.named file (/etc/apparmor.d probably) and the
> | | location of the .db file mentioned in the error? Also is this a file
> | | you have customized at all? If you have write permissions granted then
> | | I'm surprised you're getting an error regarding timestamps but I'm sure
> | | we'll get to the bottom of it.
> | |
> | | Good luck.
> | |
> | |
> | |
> | |
> | |
> | | Bob Piskac wrote:
> | | | Yes, I have apparmor turned off and all is working fine. No warnings or
> | | | errors. Yes there is a profile, but what option do I need to turn on
> | | | for set file modification time?
> | | |
> | | | <ab@novell.com> wrote in message
> | | | news:g5bBj.8959$Ec7.2417@kovat.provo.novell.com...
> | | | It looks like your DNS server is getting this error for some reason.
> | | | Have you tried stopping AppArmor to be sure it is preventing this
> | | | change? There should be an AppArmor profile for your daemon otherwise
> | | | that shows what it can and cannot do and in there you could add the
> | | | ability for the file to modify 'mydomain.com.db' wherever that is.
> | | |
> | | | Good luck.
> | | |
> | | |
> | | |
> | | |
> | | |
> | | |
> | | | Bob Piskac wrote:
> | | | | Mar 9 21:35:09 ns1 named[2722]: zone mydomain.com/IN: refresh: could not set file modification time of 'mydomain.com.db': permission denied
> | | | |
> | | | | What do I need to set in apparmor to allow the set file modification time?
> |>>
> |>
>

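The check ab reasons about in the quoted reply (does the posted profile already grant write access to the zone file, and which capabilities does it declare) can be done mechanically. This is an added example, not part of the original thread or of AppArmor's own tooling; the zone file path is an assumption, and the glob handling is simplified to `*` and `**` only.

```python
import re

# Capability and file rules copied from the usr.sbin.named profile quoted in
# the thread (exec "mix" rules and #include lines left out for brevity).
PROFILE = """
capability net_bind_service,
capability setgid,
capability setuid,
capability sys_chroot,
/** r,
/dyn/** rwl,
/var/lib/named/** rwl,
/var/log/** rwl,
/var/named/** rwl,
/var/run/named.pid wl,
/slave/* rw,
/tmp/DNS_* rw,
"""

def glob_to_regex(glob):
    # Simplified AppArmor globbing: '**' may cross '/', a single '*' may not.
    parts = re.split(r"(\*\*|\*)", glob)
    conv = {"**": ".*", "*": "[^/]*"}
    return re.compile("".join(conv.get(p, re.escape(p)) for p in parts) + r"\Z")

def parse(profile):
    caps, rules = set(), []
    for line in profile.splitlines():
        line = line.strip().rstrip(",")
        if line.startswith("capability "):
            caps.add(line.split()[1])
        elif line.startswith("/"):
            glob, perms = line.rsplit(None, 1)
            rules.append((glob, set(perms)))
    return caps, rules

def granted(rules, path):
    # Permissions of every matching rule accumulate.
    perms = set()
    for glob, p in rules:
        if glob_to_regex(glob).match(path):
            perms |= p
    return perms

CAPS, RULES = parse(PROFILE)
# Assumed location: the thread gives only the chroot (/var/lib/named) and the
# file name, so the "master" subdirectory is a constructed example.
ZONE = "/var/lib/named/master/mydomain.com.db"

if __name__ == "__main__":
    print("zone file perms:", sorted(granted(RULES, ZONE)))
    print("capabilities:", sorted(CAPS))
```

For the assumed path the result is r, w and l, and the capability set is the four entries listed in the profile, which matches ab's reading that write access is already present.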
