Results 1 to 2 of 2

Thread: Getting a denied_mask="r for bind for name="/usr/local/lib/libGeoIP.so.1.4.6"

  1. #1
    Join Date
    Apr 2009
    Beans
    341
    Distro
    Ubuntu 14.04 Trusty Tahr

    Getting a denied_mask="r for bind for name="/usr/local/lib/libGeoIP.so.1.4.6"

    Does any one know how to modify the bind apparmor profile to allow reading from name="/usr/local/lib/libGeoIP.so.1.4.6". The apparmor is the default one that ships with Ubuntu 10.04 by default.

    I'm thinking something like...
    /usr/local/lib/** r
    Or
    /usr/local/lib/ r

    Which one is correct.

    Error message.
    Code:
    Dec  2 08:55:58 universal-mechanism kernel: [114310.720001] type=1503 audit(1291305358.425:23):  operation="open" pid=10765 parent=10758 profile="/usr/sbin/named" requested_mask="r::" denied_mask="r::" fsuid=0 ouid=0 name="/usr/local/lib/libGeoIP.so.1.4.6"
    I included my named apparmor profile as attachment.
    Attached Files Attached Files

  2. #2
    Join Date
    Apr 2009
    Beans
    341
    Distro
    Ubuntu 14.04 Trusty Tahr

    Re: Getting a denied_mask="r for bind for name="/usr/local/lib/libGeoIP.so.1.4.6"

    Solved for those who want GeoIP for Bind9.

    Put this in your apparmor profile for Bind9.

    /usr/local/lib/** r,
    /usr/local/lib/libGeoIP*.so* m,

    The files need to be memory mapped.

    EDIT. It's possible that bind9 needs only access to /lib and not sub-dir. But I'm too lazy to check.

Tags for this Thread

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •