Comment 1 for bug 1752611

Jakub Rohovsky (jakub.rohovsky) wrote :

However, /var/cache/bind/ might not be a "proper" place for statistics file.

(In my honest opinion it really doesn't make any difference, but anyway.)

Problem is that bind package in upstream repo doesn't have a good location for this file in AppArmor profile:

$ grep "w," bind9_9.10.3.dfsg.P4-12.3+deb9u3_amd64_deb/etc/apparmor.d/usr.sbin.named
  /var/lib/bind/** rw,
  /var/lib/bind/ rw,
  /var/cache/bind/** lrw,
  /var/cache/bind/ rw,
  /var/lib/dnscvsutil/compiled/** rw,
  /{,var/}run/named/ w,
  /{,var/}run/named/session.key w,
  /var/log/named/** rw,
  /var/log/named/ rw,
  /{,var/}run/slapd-*.socket rw,
  /var/tmp/DNS_* rw,

So, we can either put it in /var/cache/bind/ or /var/log/named/ and live with that, or add a more better location to the upstream.

To complicate it more - as I went through Launchpad this needs to be fixed in Debian Stable first (according to many comments of previous bug reports) and then wait for it to be merged to Ubuntu.

I can do that, but the difficult question is where the file should be located.

Kindly please let me know what you think.