Getting a denied_mask="r for bind for name="/usr/local/lib/libGeoIP.so.1.4.6"

**MechaMechanism** · December 2nd, 2010

Does any one know how to modify the bind apparmor profile to allow reading from name="/usr/local/lib/libGeoIP.so.1.4.6". The apparmor is the default one that ships with Ubuntu 10.04 by default.

I'm thinking something like...
/usr/local/lib/** r
Or
/usr/local/lib/ r

Which one is correct.

Error message.

Code:

Dec  2 08:55:58 universal-mechanism kernel: [114310.720001] type=1503 audit(1291305358.425:23):  operation="open" pid=10765 parent=10758 profile="/usr/sbin/named" requested_mask="r::" denied_mask="r::" fsuid=0 ouid=0 name="/usr/local/lib/libGeoIP.so.1.4.6"

I included my named apparmor profile as attachment.

**MechaMechanism** · December 3rd, 2010

Solved for those who want GeoIP for Bind9.

Put this in your apparmor profile for Bind9.

/usr/local/lib/** r,
/usr/local/lib/libGeoIP*.so* m,

The files need to be memory mapped.

EDIT. It's possible that bind9 needs only access to /lib and not sub-dir. But I'm too lazy to check.

Thread: Getting a denied_mask="r for bind for name="/usr/local/lib/libGeoIP.so.1.4.6"

Thread Tools

Display

Getting a denied_mask="r for bind for name="/usr/local/lib/libGeoIP.so.1.4.6"

Re: Getting a denied_mask="r for bind for name="/usr/local/lib/libGeoIP.so.1.4.6"

Tags for this Thread

Bookmarks

Bookmarks

Posting Permissions