apparmor exception missing for keytab
Bug #277370 reported by
Jelmer Vernooij
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
bind9 (Ubuntu) |
Fix Released
|
Undecided
|
LaMont Jones |
Bug Description
Binary package hint: bind9
When using GSS-TSIG it is necessary to specify a keytab file for bind, which should be lockable. The attached patch adds an entry in the apparmor file to allow bind to read and lock this file.
Changed in bind9: | |
assignee: | nobody → lamont |
status: | New → Fix Committed |
To post a comment you must log in.
Thanks Jelmer. Here is a debdiff fixing this bug and bug #289060. I added to the profile: bind/krb5. keytab kr,
# gssapi
/etc/krb5.keytab kr,
/etc/
This allows for both the Debian and widely documented locations of the keytab.