unbound-control local socket broken by apparmor
Bug #1749931 reported by Jean-Daniel Dupas
This bug affects 2 people
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
unbound (Debian) | Fix Released | Unknown | |
unbound (Ubuntu) | Fix Released | Undecided | Unassigned |
Bug Description
When trying to set up unbound to use a local socket for unbound-control, the resulting socket has the wrong owner and the wrong permission, which makes it useless as it requires a root process to use it.
The first issue is that AppArmor denies chown to unbound, which results in a failure to set the socket owner/group to unbound/unbound.
The second issue is that the chmod of the socket fails, which results in a socket that can be written to only by the unbound user, and so makes it useless for any process that is added to the unbound group (which is the recommended way to access the unbound-control socket).
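A way to confirm both symptoms on an affected host, as an added example that is not part of the original report or of unbound's code: it extracts denied capabilities from AppArmor audit records and checks a control socket's owner, group and mode. The function names, the profile name `/usr/sbin/unbound`, the expected mode 0660 and the sample log lines are assumptions made for illustration.

```python
import os
import re
import stat

# Fields of an AppArmor audit record for a denied capability check.
DENIED_CAP = re.compile(
    r'apparmor="DENIED" operation="capable".*?profile="(?P<profile>[^"]+)"'
    r'.*?comm="(?P<comm>[^"]+)".*?capname="(?P<cap>[^"]+)"')

# Constructed sample lines (not taken from the bug report).
SAMPLE_LOG = [
    'audit: type=1400 audit(1518775201.123:45): apparmor="DENIED" '
    'operation="capable" profile="/usr/sbin/unbound" pid=2201 '
    'comm="unbound" capability=0  capname="chown"',
    'audit: type=1400 audit(1518775202.456:46): apparmor="DENIED" '
    'operation="capable" profile="/usr/sbin/ntpd" pid=2302 '
    'comm="ntpd" capability=25  capname="sys_time"',
]

def denied_capabilities(log_lines, comm="unbound"):
    """Return sorted (profile, capability) pairs AppArmor denied to `comm`."""
    found = set()
    for line in log_lines:
        m = DENIED_CAP.search(line)
        if m and m.group("comm") == comm:
            found.add((m.group("profile"), m.group("cap")))
    return sorted(found)

def check_control_socket(path, want_uid, want_gid, want_mode=0o660):
    """List the ways `path` differs from a group-usable control socket."""
    st = os.stat(path)
    if not stat.S_ISSOCK(st.st_mode):
        return [f"{path} is not a socket"]
    problems = []
    if st.st_uid != want_uid:
        problems.append(f"owner uid {st.st_uid}, expected {want_uid}")
    if st.st_gid != want_gid:
        problems.append(f"group gid {st.st_gid}, expected {want_gid}")
    mode = stat.S_IMODE(st.st_mode)
    if mode != want_mode:
        problems.append(f"mode {mode:04o}, expected {want_mode:04o}")
    # Connecting to a Unix socket on Linux needs write permission on it.
    if not mode & stat.S_IWGRP:
        problems.append("group cannot write, so group members cannot connect")
    return problems
```

On a real host, pass the lines of the kernel or audit log to `denied_capabilities` and the uid/gid of the unbound account to `check_control_socket`.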
Changed in unbound (Ubuntu): status: Incomplete → In Progress
Changed in unbound (Debian): status: Unknown → New
Changed in unbound (Debian): status: New → Fix Released
I disagree with this. While both bugs are related to AppArmor, they are not related in any way.
#1723900 is about permission to write to the systemd/notify socket, while this one is about using a local socket for unbound-control.