Ubuntu
apparmor package

  1. Bug #1872564
  2. Comment #26

Comment 26 for bug 1872564

Revision history for this message
Brian Murray (brian-murray) wrote :

I don't see the following step from the Test Case performed in comment #20. Was it?

4) check kernel logs for DENIED
$ journalctl -o cat -b0 -k | grep 'apparmor="DENIED"' | grep -F 'profile="/usr/sbin/named"'

or, depending on how logging is configured:

$ dmesg | grep 'apparmor="DENIED"' | grep -F 'profile="/usr/sbin/named"'

Step 4, should not return anything. Because systemd is involved in the user/group lookups, it currently returns the following: