Page 2 of 2 FirstFirst 12
Results 11 to 16 of 16

Thread: [SOLVED] Hardy chrooted bind9 fails to start

  1. #11
    Join Date
    Aug 2006
    Location
    home
    Beans
    Hidden!
    Distro
    Ubuntu Studio 9.10 Karmic Koala

    Re: [SOLVED] Hardy chrooted bind9 fails to start

    Quote Originally Posted by jmandawg View Post
    Thanks, this solved my problem.

    DO we even need to chroot bind anymore, since it's running inside apparmor?
    I've got no idea... but my rudimentary understanding of running apparmor -by creating protected environments ( hats ) & setting permissions on an application level - tells me those 2 are in a way complementary ... but not identical...

    The danger here is that it might not be a 1+1=2 thing ...
    It will most likely not weaken security, but for that some of the dev's need to step up ...

    If someone knows about a package ( maybe one specifically crafted for that ) with known weaknesses I might try some things out ( injecting code etc... ) ( days are to short )

    So given the fact that this is still a beta of an LTS release those kind of tests will surely be performed by people more versed ..... so until then I'll assume there's no harm either....

    Last edited by djamu; April 3rd, 2008 at 04:36 PM.
    democracy : 2 wolves and a sheep voting on "what's for dinner"
    i am self-employed, and my views reflect the electrical charges held between many simultaneously firing synapses... or is that synapsi?
    http://3d.uk.to

  2. #12
    Join Date
    Aug 2006
    Location
    home
    Beans
    Hidden!
    Distro
    Ubuntu Studio 9.10 Karmic Koala

    Re: [SOLVED] Hardy chrooted bind9 fails to start

    updated
    democracy : 2 wolves and a sheep voting on "what's for dinner"
    i am self-employed, and my views reflect the electrical charges held between many simultaneously firing synapses... or is that synapsi?
    http://3d.uk.to

  3. #13
    Join Date
    Mar 2007
    Beans
    Hidden!

    Re: [SOLVED] Hardy chrooted bind9 fails to start

    Thanks djamu, almost a year later and experienced the same problem on 9.04

    There really should be some discussion about apparmor vs chroot.... would make life lot easier if only one or other would be required, probably would save a bit on server resources too.

  4. #14
    Join Date
    Oct 2009
    Beans
    1

    Re: [SOLVED] Hardy chrooted bind9 fails to start

    Took awhile to stumble upon this very helpful thread.

    Looking at the ApparmorFAQ it appears to be yet another approach to security, be it chroot, selinux and now apparmor...sigh...

    Perhaps the Apparmor devs can put a more apparent finger print in the log message when denies are logged.

  5. #15
    Join Date
    Mar 2011
    Beans
    52
    Distro
    Ubuntu 14.04 Trusty Tahr

    Re: [SOLVED] Hardy chrooted bind9 fails to start

    i also have the same problem but did not find anything weird related to apparmor
    Code:
    starting BIND 9.7.0-P1 -g
    15-Jun-2012 18:09:58.266 built with '--prefix=/usr' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--sysconfdir=/etc/bind' '--localstatedir=/var' '--enable-threads' '--enable-largefile' '--with-libtool' '--enable-shared' '--enable-static' '--with-openssl=/usr' '--with-gssapi=/usr' '--with-gnu-ld' '--with-dlz-postgres=no' '--with-dlz-mysql=no' '--with-dlz-bdb=yes' '--with-dlz-filesystem=yes' '--with-dlz-ldap=yes' '--with-dlz-stub=yes' '--with-geoip=/usr' '--enable-ipv6' 'CFLAGS=-fno-strict-aliasing -DDIG_SIGCHASE -O2' 'LDFLAGS=-Wl,-Bsymbolic-functions' 'CPPFLAGS='
    15-Jun-2012 18:09:58.267 adjusted limit on open files from 1024 to 1048576
    15-Jun-2012 18:09:58.267 found 1 CPU, using 1 worker thread
    15-Jun-2012 18:09:58.268 using up to 4096 sockets
    15-Jun-2012 18:09:58.288 loading configuration from '/etc/bind/named.conf'
    15-Jun-2012 18:09:58.289 /etc/bind/named.conf.options:16: missing ';' before '}'
    15-Jun-2012 18:09:58.290 loading configuration: failure
    15-Jun-2012 18:09:58.291 exiting (due to fatal error)
    any solution for this?

  6. #16
    Join Date
    Jun 2012
    Beans
    4

    Smile Re: [SOLVED] Hardy chrooted bind9 fails to start

    Looks like there is a configuration error in :
    /etc/bind/named.conf.options: on line 16 can you post your config of this file?

Page 2 of 2 FirstFirst 12

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •