I am trying to run bind9 in a chroot jail. I followed the steps mentioned at: http://www.howtoforge.com/debian_bind9_master_slave_system
I am getting the following errors in my syslog:
Jul 27 16:53:49 conf002 named[3988]: starting BIND 9.7.3 -u bind -t /var/lib/named
Jul 27 16:53:49 conf002 named[3988]: built with '--prefix=/usr' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--sysconfdir=/etc/bind' '--localstatedir=/var' '--enable-threads' '--enable-largefile' '--with-libtool' '--enable-shared' '--enable-static' '--with-openssl=/usr' '--with-gssapi=/usr' '--with-gnu-ld' '--with-dlz-postgres=no' '--with-dlz-mysql=no' '--with-dlz-bdb=yes' '--with-dlz-filesystem=yes' '--with-dlz-ldap=yes' '--with-dlz-stub=yes' '--with-geoip=/usr' '--enable-ipv6' 'CFLAGS=-fno-strict-aliasing -DDIG_SIGCHASE -O2' 'LDFLAGS=-Wl,-Bsymbolic-functions' 'CPPFLAGS='
Jul 27 16:53:49 conf002 named[3988]: adjusted limit on open files from 4096 to 1048576
Jul 27 16:53:49 conf002 named[3988]: found 4 CPUs, using 4 worker threads
Jul 27 16:53:49 conf002 named[3988]: using up to 4096 sockets
Jul 27 16:53:49 conf002 named[3988]: loading configuration from '/etc/bind/named.conf'
Jul 27 16:53:49 conf002 named[3988]: none:0: open: /etc/bind/named.conf: permission denied
Jul 27 16:53:49 conf002 named[3988]: loading configuration: permission denied
Jul 27 16:53:49 conf002 named[3988]: exiting (due to fatal error)
Jul 27 16:53:49 conf002 kernel: [74323.514875] type=1400 audit(1343433229.352:108): apparmor="DENIED" operation="open" parent=3987 profile="/usr/sbin/named" name="/var/lib/named/etc/bind/named.conf" pid=3992 comm="named" requested_mask="r" denied_mask="r" fsuid=103 ouid=103
Looks like the process cannot read the file /var/lib/named/etc/bind/named.conf. I have made sure that the owner of this file is user bind, and it has read/write access to it:
root@test:/var/lib/named/etc/bind# ls -atl
total 64
drwxr-xr-x 3 bind bind 4096 2012-07-27 16:35 ..
drwxrwsrwx 2 bind bind 4096 2012-07-27 15:26 zones
drwxr-sr-x 3 bind bind 4096 2012-07-26 21:36 .
-rw-r--r-- 1 bind bind 666 2012-07-26 21:33 named.conf.options
-rw-r--r-- 1 bind bind 514 2012-07-26 21:18 named.conf.local
-rw-r----- 1 bind bind 77 2012-07-25 00:25 rndc.key
-rw-r--r-- 1 bind bind 2544 2011-07-14 06:31 bind.keys
-rw-r--r-- 1 bind bind 237 2011-07-14 06:31 db.0
-rw-r--r-- 1 bind bind 271 2011-07-14 06:31 db.127
-rw-r--r-- 1 bind bind 237 2011-07-14 06:31 db.255
-rw-r--r-- 1 bind bind 353 2011-07-14 06:31 db.empty
-rw-r--r-- 1 bind bind 270 2011-07-14 06:31 db.local
-rw-r--r-- 1 bind bind 2994 2011-07-14 06:31 db.root
-rw-r--r-- 1 bind bind 463 2011-07-14 06:31 named.conf
-rw-r--r-- 1 bind bind 490 2011-07-14 06:31 named.conf.default-zones
-rw-r--r-- 1 bind bind 1317 2011-07-14 06:31 zones.rfc1918
What could be wrong here?
You need to edit /etc/apparmor.d/usr.sbin.named to give Bind permission to access those files in the chroot. You basically want to modify all the paths specified there to be prefixed by the chroot location. Run service apparmor reload after making the changes.
It says it needs permissions to access these folders. You should add
in /etc/apparmor.d/usr.sbin.named, then it works.
Apparmor and bind9 have some conflicts with Plesk.
Edit the file /etc/apparmor.d/local/usr.sbin.named and add:
/var/named/run-root/** rwm,
Reload and restart:
service apparmor reload
service bind9 start
Now everything should work properly.
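The first answer says to prefix every path in the named profile with the chroot location, and the last answer shows the local override file to put such rules in; the script below is an added example (not from any of the answers or from the howtoforge guide) that generates such an override and installs it only after the full profile parses. It assumes the chroot is /var/lib/named as in the question, Debian's /etc/apparmor.d/local/usr.sbin.named include, and a hypothetical minimum rule set that you extend to match the paths your stock usr.sbin.named profile lists.

```shell
#!/bin/sh
# Added example (not from any answer above): emit an AppArmor local override
# for named with every path prefixed by the chroot, then install it safely.
# Assumed: chroot at /var/lib/named as in the question, Debian's
# /etc/apparmor.d/local/usr.sbin.named include, and a hypothetical minimum
# rule set; extend it to the paths your stock usr.sbin.named profile lists.

chroot_rules() {
  root="$1"
  # Config and keys stay read-only; only zone, cache and run directories are
  # writable, so named cannot rewrite its own configuration inside the jail.
  printf '%s\n' \
    "# named chroot at ${root} (generated by chroot_rules)" \
    "${root}/etc/bind/ r," \
    "${root}/etc/bind/** r," \
    "${root}/etc/bind/zones/ rw," \
    "${root}/etc/bind/zones/** rw," \
    "${root}/var/lib/bind/ rw," \
    "${root}/var/lib/bind/** rw," \
    "${root}/var/cache/bind/ rw," \
    "${root}/var/cache/bind/** rw," \
    "${root}/var/run/named/ rw," \
    "${root}/var/run/named/** rw," \
    "${root}/dev/null rw," \
    "${root}/dev/random r," \
    "${root}/dev/urandom r,"
}

# Back up the current override, write the new one, syntax-check the full
# profile without loading it, and only then replace the profile in the kernel.
install_chroot_rules() {
  root="$1"
  profile=/etc/apparmor.d/usr.sbin.named
  override=/etc/apparmor.d/local/usr.sbin.named
  [ -f "$override" ] && cp "$override" "${override}.bak"
  chroot_rules "$root" > "$override" || return 1
  if ! apparmor_parser -Q "$profile"; then
    # Parse error: put the previous override back and report failure.
    [ -f "${override}.bak" ] && mv "${override}.bak" "$override"
    return 1
  fi
  apparmor_parser -r "$profile"
}

# Usage (as root): install_chroot_rules /var/lib/named && service bind9 start
```

After installing, the kernel audit line from the question (apparmor="DENIED" ... name="/var/lib/named/etc/bind/named.conf") should no longer appear on start, and the zones directory is the only place under etc/bind that named can write to.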