存在Samba4 4/BIND9 9_DLZ问题: AppArmor权限问题

Question

(12.04.5LTS服务器)

让一个用户“命名”，配置在bind9服务中启动。

My /etc/parmor.d/local/usr.sbin.name文件

/usr/local/samba/lib/** rm,
/usr/local/samba/private/dns.keytab r,
/usr/local/samba/private/named.conf r,
/usr/local/samba/private/dns/** rwk,  //seems that this should have given permission?
/var/named/** r,
/var/named/master/** rwk,

尾-f /var/log/syslog文件：

Dec  3 12:40:13 mailhost named[1701]: failed to generate session key for dynamic DNS: permission denied
Dec  3 12:40:13 mailhost named[1701]: sizing zone task pool based on 6 zones
Dec  3 12:40:13 mailhost named[1701]: Loading 'AD DNS Zone' using driver dlopen
Dec  3 12:40:13 mailhost kernel: [ 8953.539920] type=1400 audit(1417635613.809:41): apparmor="DENIED" operation="open" profile="/usr/sbin/named" name="/usr/local/samba/etc/smb.conf" pid=1702 comm="named" requested_mask="r" denied_mask="r" fsuid=25 ouid=0
Dec  3 12:40:13 mailhost named[1701]: samba_dlz: Failed to connect to /usr/local/samba/private/dns/sam.ldb
Dec  3 12:40:13 mailhost named[1701]: dlz_dlopen of 'AD DNS Zone' failed
Dec  3 12:40:13 mailhost named[1701]: SDLZ driver failed to load.
Dec  3 12:40:13 mailhost named[1701]: DLZ driver failed to load.
Dec  3 12:40:13 mailhost named[1701]: loading configuration: failure
Dec  3 12:40:13 mailhost named[1701]: exiting (due to fatal error)

下一步我应该在哪里进行故障排除？

Answer 1

弄明白

sudo apparmor_parser --replace /etc/apparmor.d/usr.sbin.named

需要重新加载我对设备配置文件所做的更改