At some point you might encounter a very annoying error, especially in Debian based distros, including Proxmox. Here’s a sample log:
apparmor="DENIED" operation="sendmsg" profile="/usr/sbin/named" name="/run/systemd/journal/dev-log" pid=1073 comm="named" requested_mask="w" denied_mask="w"
This happens because apparmor is a little bit too overzealous. The fix is very simple.
Add the following line in “/etc/apparmor.d/local/usr.sbin.named”:
/run/systemd/journal/dev-log rw,
And execute this:
sudo apparmor_parser -r /etc/apparmor.d/usr.sbin.named
You’re done. 🙂
Was this tutorial useful? Buy me a drink by using the “donate” button below. 🙂
not work!!!
grep ntpd /var/log/syslog
Nov 27 16:03:03 wwwcplus kernel: [108783.995572] audit: type=1400 audit(1511787783.395:931): apparmor=”DENIED” operation=”sendmsg” info=”Failed name lookup – disconnected path” error=-13 profile=”/usr/sbin/ntpd” name=”run/systemd/journal/dev-log” pid=15983 comm=”ntpd” requested_mask=”w” denied_mask=”w” fsuid=114 ouid=0
Nov 27 16:03:03 wwwcplus kernel: [108783.995672] audit: type=1400 audit(1511787783.395:932): apparmor=”DENIED” operation=”sendmsg” info=”Failed name lookup – disconnected path” error=-13 profile=”/usr/sbin/ntpd” name=”run/systemd/journal/dev-log” pid=15983 comm=”ntpd” requested_mask=”w” denied_mask=”w” fsuid=114 ouid=0
Nov 27 16:03:03 wwwcplus kernel: [108783.995706] audit: type=1400 audit(1511787783.395:933): apparmor=”DENIED” operation=”sendmsg” info=”Failed name lookup – disconnected path” error=-13 profile=”/usr/sbin/ntpd” name=”run/systemd/journal/dev-log” pid=15983 comm=”ntpd” requested_mask=”w” denied_mask=”w” fsuid=114 ouid=0
Nov 27 16:03:03 wwwcplus kernel: [108783.995721] audit: type=1400 audit(1511787783.395:934): apparmor=”DENIED” operation=”sendmsg” info=”Failed name lookup – disconnected path” error=-13 profile=”/usr/sbin/ntpd” name=”run/systemd/journal/dev-log” pid=15983 comm=”ntpd” requested_mask=”w” denied_mask=”w” fsuid=114 ouid=0
Nov 27 16:03:03 wwwcplus kernel: [108783.995735] audit: type=1400 audit(1511787783.395:935): apparmor=”DENIED” operation=”sendmsg” info=”Failed name lookup – disconnected path” error=-13 profile=”/usr/sbin/ntpd” name=”run/systemd/journal/dev-log” pid=15983 comm=”ntpd” requested_mask=”w” denied_mask=”w” fsuid=114 ouid=0
Nov 27 16:03:03 wwwcplus kernel: [108783.995748] audit: type=1400 audit(1511787783.395:936): apparmor=”DENIED” operation=”sendmsg” info=”Failed name lookup – disconnected path” error=-13 profile=”/usr/sbin/ntpd” name=”run/systemd/journal/dev-log” pid=15983 comm=”ntpd” requested_mask=”w” denied_mask=”w” fsuid=114 ouid=0
Nov 27 16:03:03 wwwcplus kernel: [108784.010691] audit: type=1400 audit(1511787783.410:937): apparmor=”DENIED” operation=”open” profile=”/usr/sbin/ntpd” name=”/usr/local/sbin/” pid=16399 comm=”ntpd” requested_mask=”r” denied_mask=”r” fsuid=0 ouid=0
Nov 27 16:03:03 wwwcplus kernel: [108784.010767] audit: type=1400 audit(1511787783.410:938): apparmor=”DENIED” operation=”open” profile=”/usr/sbin/ntpd” name=”/usr/local/bin/” pid=16399 comm=”ntpd” requested_mask=”r” denied_mask=”r” fsuid=0 ouid=0
Nov 27 16:03:03 wwwcplus kernel: [108784.011473] audit: type=1400 audit(1511787783.411:939): apparmor=”DENIED” operation=”sendmsg” info=”Failed name lookup – disconnected path” error=-13 profile=”/usr/sbin/ntpd” name=”run/systemd/journal/dev-log” pid=16399 comm=”ntpd” requested_mask=”w” denied_mask=”w” fsuid=0 ouid=0
Nov 27 16:03:03 wwwcplus kernel: [108784.011574] audit: type=1400 audit(1511787783.411:940): apparmor=”DENIED” operation=”sendmsg” info=”Failed name lookup – disconnected path” error=-13 profile=”/usr/sbin/ntpd” name=”run/systemd/journal/dev-log” pid=16399 comm=”ntpd” requested_mask=”w” denied_mask=”w” fsuid=0 ouid=0
Of course it didn’t solve your problem, because your problem is with NTPd and not NAMEd.
Hello sir,
Sorry with your solution I can not solve my problem.
I have debian 8 on my VM and I still have the following error:
“apparmor =” DENIED “operation =” sendmsg “profile =” / usr / sbin / named “name =” / run / systemd / log / dev-log “pid = 1435 comm =” named “requested_mask =” w “denied_mask = “w” fsuid = 109 ouid = 0 “
Here is the error when I tried to apply your solution.
root@hoster:~# apparmor_parser -r /etc/apparmor.d/usr.sbin.named
-bash: apparmor_parser: command not found
root@hoster:~#
Thank you for helping me.