Ubuntu
bind9 package

apparmor exception missing for keytab

Bug #277370 reported by Jelmer Vernooij
2
Affects Status Importance Assigned to Milestone
bind9 (Ubuntu)
Fix Released
Undecided
LaMont Jones

Bug Description

Binary package hint: bind9

When using GSS-TSIG it is necessary to specify a keytab file for bind, which should be lockable. The attached patch adds an entry in the apparmor file to allow bind to read and lock this file.

Revision history for this message
Jelmer Vernooij (jelmer) wrote :
Revision history for this message
Jamie Strandboge (jdstrand) wrote :

Thanks Jelmer. Here is a debdiff fixing this bug and bug #289060. I added to the profile:
  # gssapi
  /etc/krb5.keytab kr,
  /etc/bind/krb5.keytab kr,

This allows for both the Debian and widely documented locations of the keytab.

LaMont Jones (lamont)
Changed in bind9:
assignee: nobody → lamont
status: New → Fix Committed
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package bind9 - 1:9.5.0.dfsg.P2-5

---------------
bind9 (1:9.5.0.dfsg.P2-5) unstable; urgency=low

  [ISC]

  * 2463: IPv6 Advanced Socket API broken on linux. LP: #249824

  [Jamie Strandboge]

  * apparmor: add capability sys_resource
  * apparmor: add krb keytab access. LP: #277370

  [LaMont Jones]

  * apparmor: allow proc/*/net/if_inet6 read access too. LP: #289060
  * apparmor: add /var/log/named/* entries. LP: #294935

  [Ben Hutchings]

  * meta: Add dependency of bind9 on net-tools (ifconfig used in init script)
  * meta: Fix bind9utils Depends.
  * meta: fix typo in package description

  [localization folks]

  * l10n: add polish debconf translations. Closes: #506856 (L)

 -- Ubuntu Archive Auto-Sync <email address hidden> Wed, 10 Dec 2008 00:40:25 +0000

Changed in bind9:
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.