bin9 and apparmor problem

Binary package hint: bind9

bind 1:9.6.0.dfsg.P1-2

See also http://www.howtoforge.org/forums/showthread.php?p=116893

The apparmor profile does not allow bind9 to use a /var/lib/named change root

May 23 13:04:35 obiwan named[14416]: starting BIND 9.6.0-P1 -u bind -t /var/lib/named
May 23 13:04:35 obiwan named[14416]: built with '--prefix=/usr' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--sysconfdir=/etc/bind' '--localstatedir=/var' '--enable-threads' '--enable-largefile' '--with-libtool' '--enable-shared' '--enable-static' '--with-openssl=/usr' '--with-gssapi=/usr' '--with-gnu-ld' '--with-dlz-postgres=no' '--with-dlz-mysql=no' '--with-dlz-bdb=yes' '--with-dlz-filesystem=yes' '--with-dlz-ldap=yes' '--with-dlz-stub=yes' '--enable-ipv6' 'CFLAGS=-fno-strict-aliasing -DDIG_SIGCHASE -O2' 'LDFLAGS=-Wl,-Bsymbolic-functions' 'CPPFLAGS=' 'CXXFLAGS=-g -O2' 'FFLAGS=-g -O2'
May 23 13:04:35 obiwan named[14416]: found 2 CPUs, using 2 worker threads
May 23 13:04:35 obiwan named[14416]: using up to 4096 sockets
May 23 13:04:35 obiwan named[14416]: loading configuration from '/etc/bind/named.conf'
May 23 13:04:35 obiwan named[14416]: none:0: open: /etc/bind/named.conf: permission denied
May 23 13:04:35 obiwan named[14416]: loading configuration: permission denied
May 23 13:04:35 obiwan named[14416]: exiting (due to fatal error)

ProblemType: Bug
Architecture: amd64
Date: Sat May 23 13:15:49 2009
DistroRelease: Ubuntu 9.10
NonfreeKernelModules: nvidia
Package: bind9 (not installed)
ProcEnviron:
 LANG=en_US.UTF-8
 SHELL=/bin/bash
ProcVersionSignature: Ubuntu 2.6.30-5.6-generic
SourcePackage: bind9
Uname: Linux 2.6.30-5-generic x86_64