apparmor profile should be in complain mode on certain upgrades

Bug #203528 reported by Jamie Strandboge on 2008-03-18
Affects Status Importance Assigned to Milestone
bind9 (Ubuntu)
LaMont Jones

Bug Description

Binary package hint: bind9

As shipped, the apparmor profile is in enforcing mode. This should change to follow

Changed in bind9:
assignee: nobody → jamie-strandboge
status: New → Triaged

This work is based on
Confirmed to work on bind9 dapper - hardy upgrade, bind9 +
apparmor-profiles gutsy - hardy and standard upgrades and installs.

 status inprogress

Changed in bind9:
status: Triaged → In Progress
LaMont Jones (lamont) wrote :

in 1:9.4.2-8

Changed in bind9:
assignee: jamie-strandboge → lamont
status: In Progress → Fix Committed
Jamie Strandboge (jdstrand) wrote :

Please also include this patch to postrm also. Sorry for the additional

LaMont Jones (lamont) wrote :

0002 also in -8.

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package bind9 - 1:9.4.2-9

bind9 (1:9.4.2-9) unstable; urgency=low

  * apparmor: allow subdirs in {/etc,/var/cache,/var/lib}/bind
  * apparmor: make profile match README.Debian

bind9 (1:9.4.2-8) unstable; urgency=low


  * CVE-2008-0122: off by one error in (unused) inet_network function.
    Closes: #462783 LP: #203476

  [Michael Milligan]

  * Fix min-cache-ttl and min-ncache-ttl keywords

  [Jamie Strandboge]

  * apparmor: force complain-mode for apparmor on certain upgrades. LP: #203528
  * debian/bind9.postrm: purge /etc/apparmor.d/force-complain/usr.sbin.named

bind9 (1:9.4.2-7) unstable; urgency=low

  [Jamie Strandboge]

  * Allow rw access to /var/lib/bind/* in apparmor-profile. LP: #201954

  [LaMont Jones]

  * Drop root-delegation comments from named.conf. Closes: #217829, #297219

 -- LaMont Jones <email address hidden> Fri, 04 Apr 2008 11:44:26 +0100

Changed in bind9:
status: Fix Committed → Fix Released