Comment 27 for bug 2064096

Gabriel de Perthuis (g2p) wrote:

This also affects unbound: the name resolution service didn't start (it was possible to start unbound outside of service management, because it doesn't look for /run/systemd/notify in that case). I do use dracut.

Upgrading systemd and related packages to 255.4-1ubuntu8.1 (upgrading udev regenerates the initramfs) fixes it.

Before that, errors looked like:
journalctl -k -b-1 --grep 'apparmor.*unbound'
mai 27 10:02:22 host kernel: audit: type=1400 audit(1716796942.487:146): apparmor="DENIED" operation="sendmsg" class="file" profile="unbound" name="/systemd/journal/dev-log" pid=1175 comm="unbound" requested_mask="w" denied_mask="w" fsuid=0 ouid=0
mai 27 10:02:22 host kernel: audit: type=1400 audit(1716796942.487:147): apparmor="DENIED" operation="connect" class="file" profile="unbound" name="/systemd/userdb/io.systemd.DynamicUser" pid=1175 comm="unbound" requested_mask="wr" denied_mask="wr" fsuid=0 ouid=0
mai 27 10:02:22 host kernel: audit: type=1400 audit(1716796942.542:153): apparmor="DENIED" operation="sendmsg" class="file" profile="unbound" name="/systemd/notify" pid=1175 comm="unbound" requested_mask="w" denied_mask="w" fsuid=126 ouid=0
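
An added example, not part of the original comment or of any project's code: a small parser for AppArmor `DENIED` audit records like those quoted above, grouping them by profile. The function names are hypothetical, the sample input is the three quoted lines, and flagging names that start with `/systemd/` as a `/run/systemd/...` path seen without its `/run` prefix is a heuristic assumed from the comment's mention of `/run/systemd/notify`.

```python
import re
import sys
from collections import defaultdict

# Constructed sample input: the three denial records quoted in the comment.
SAMPLE = """\
mai 27 10:02:22 host kernel: audit: type=1400 audit(1716796942.487:146): apparmor="DENIED" operation="sendmsg" class="file" profile="unbound" name="/systemd/journal/dev-log" pid=1175 comm="unbound" requested_mask="w" denied_mask="w" fsuid=0 ouid=0
mai 27 10:02:22 host kernel: audit: type=1400 audit(1716796942.487:147): apparmor="DENIED" operation="connect" class="file" profile="unbound" name="/systemd/userdb/io.systemd.DynamicUser" pid=1175 comm="unbound" requested_mask="wr" denied_mask="wr" fsuid=0 ouid=0
mai 27 10:02:22 host kernel: audit: type=1400 audit(1716796942.542:153): apparmor="DENIED" operation="sendmsg" class="file" profile="unbound" name="/systemd/notify" pid=1175 comm="unbound" requested_mask="w" denied_mask="w" fsuid=126 ouid=0
"""

FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

def parse_denials(text):
    """Yield a dict of key=value fields for each AppArmor DENIED audit record."""
    for line in text.splitlines():
        if 'apparmor="DENIED"' not in line:
            continue
        # Fields follow the "audit(<timestamp>:<serial>): " header.
        _, _, body = line.partition("): ")
        yield {key: quoted or bare for key, quoted, bare in FIELD.findall(body)}

def summarize(text):
    """Group denials by profile and flag names that look like a /run/systemd
    path seen without its /run prefix (heuristic, an assumption of this example)."""
    by_profile = defaultdict(list)
    for d in parse_denials(text):
        name = d.get("name", "")
        by_profile[d.get("profile", "?")].append({
            "operation": d.get("operation"),
            "name": name,
            "denied_mask": d.get("denied_mask"),
            "fsuid": d.get("fsuid"),
            "lost_run_prefix": name.startswith("/systemd/"),
        })
    return dict(by_profile)

if __name__ == "__main__":
    # Pipe `journalctl -k -b-1 --grep apparmor` in, or run bare for the sample.
    text = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    for profile, denials in summarize(text).items():
        for d in denials:
            mark = "  <-- expected under /run?" if d["lost_run_prefix"] else ""
            print(f'{profile}: {d["operation"]} {d["name"]} ({d["denied_mask"]}){mark}')
```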