apparmor rules for bind9

2025-08-14 10:37:39 -07:00 · 2016-08-26 17:27:02 +03:00 · 2016-08-26 17:27:02 +03:00 · 6eca748bce
commit 6eca748bce
parent 7d08a3a614
2 changed files with 12 additions and 8 deletions
--- a/install/vst-install-ubuntu.sh
+++ b/install/vst-install-ubuntu.sh
@ -595,9 +595,6 @@ rm -f /usr/sbin/policy-rc.d
 sed -i "s/rdAuthentication no/rdAuthentication yes/g" /etc/ssh/sshd_config
 service ssh restart

-# AppArmor
-#aa-complain /usr/sbin/named
-
 # Disable awstats cron
 rm -f /etc/cron.d/awstats

@ -627,8 +624,6 @@ chmod 755 /usr/bin/rssh
 #                     Configure VESTA                      #
 #----------------------------------------------------------#

-# AppArmor
-aa-complain /usr/sbin/named 2>/dev/null

 # Downlading sudo configuration
 mkdir -p /etc/sudoers.d
@ -957,6 +952,12 @@ if [ "$named" = 'yes' ]; then
    sed -i "s%listen-on%//listen%" /etc/bind/named.conf.options
    chown root:bind /etc/bind/named.conf
    chmod 640 /etc/bind/named.conf
+    aa-complain /usr/sbin/named 2>/dev/null
+    echo "/home/** rwm," >> /etc/apparmor.d/local/usr.sbin.named 2>/dev/null
+    service apparmor status >/dev/null 2>&1
+    if [ $? -ne 0 ]; then
+        service apparmor restart
+    fi
    update-rc.d bind9 defaults
    service bind9 start
    check_result $? "bind9 start failed"