Comment 5 for bug 236510

Jürgen Kreileder (jk) wrote :

People who are chrooting bind should definitely have a bit of administration knowledge. People who just blindly follow some tutorial without knowing what's really going on might run into problems with AppArmor. But it's questionable whether those people really should fiddle about with bind then.

AppArmor is a security container; if you whitelist everything, you are subverting its purpose. Ubuntu provides a setup that somewhat works with the default settings of daemons (far from perfect though). If you change the settings for a daemon, you're responsible for updating the AppArmor configuration too. I doubt that your bind-chroot settings for AppArmor would work for my bind-chroot.
A bind chroot isn't the only thing that requires manual AppArmor configuration, by the way. Other examples are MySQL chroots, MySQL installations with non-standard data-dirs, ... There's just no way that the default Ubuntu AppArmor configuration can handle all of them.