Sorry, should have gone here as well ...

Peter

---------- Forwarded Message ----------

Subject: Re: Journal open failed.
Date: Monday 03 July 2006 13:57
From: Peter Albrecht
To: kalyanasundaram S

Hi Kalyan,

On Thursday 22 June 2006 08:01, you wrote:
> > From: ug@suse.de
> > Sent: Mon, 19 Jun 2006 12:04:04 +0200
> > To: bind-users@isc.org
> > have you tried "rcapparmor stop"?

>
> yah, thanks a lot , it works very fine..
> so it seems SLES also incorporating SELinux security policy.. right...
> i am googling for apparmor.. and
> i stoped the deamon and tried i was able to update.. again i started the
> apparmor deamon
> i expected that again i will not be able to update. but it was not.. will
> the profiles are not loaded properly while starting the apparmor deamon?.
> just can you give me small explanation what it does..


When using AppArmor, it will only affect processes which are started _after_
AppArmor. So if named was still running, the new AppArmor processes will not
have any effect.

> if i dont want to stop apparmor and want to update ths dns too, in sles what
> should i do? by default the path for dns server is /var/lib/named/ but the
> policy says only can in $ROOTDIR/var/named/slaves


If you don't want to stop AppArmor totally, you can disable the DNS profile.
It's located in

/etc/apparmor.d/usr.sbin.named

If you move this file to /etc/apparmor/profiles/extras/ and restart AppArmor,
this profile will no longer be active. If you'd like to keep AppArmor active
and want to use nsupdate, you'll have to dig into the AppArmor configuration.

Regards,

Peter

--
Peter Albrecht, Novell Training Services, peter.albrecht@novell.com


-------------------------------------------------------

--
Peter Albrecht, Novell Training Services, peter.albrecht@novell.com