Copyright © 2017 Healthable. A Krafty Sprouts Property.
Plesk 12.5, bind9 and Ubuntu 14.04 Apparmor Issues
After settings up Plesk 12.5 on my new Ubuntu 14 server, I found out that bind9 (DNS server) was not running like the others from the service interface, so I tried to start the service or program but I received the following error.
image credit: www.conetix.com.au
Error: Unable to make action: Unable to manage service by dnsmng: (‘start’, ‘dns’). Error: dnsmng: Service /etc/init.d/bind9 failed to start
Error from /var/log/messages reads:
Kernel: [6858.107517] type=1503 audit (1375351936.035:25): operation=”open” pid=21824 parent=21822 profile=”/usr/sbin/named” requested_mask=”::r” denied_mask=”::r” fsuid=107 ouid=0 name=”/var/named/run-root/etc/named.conf”
The cause of this is that apparmor is not letting Plesk panel to access what it need to work with Plesk. Odin team advises that you disable Apparmor as it is not supported by Plesk.
So I will show you how to do that;
How to disable Apparmor on Plesk server
- First we check if bind9 is installed with the following command
# dpkg --status apparmor | grep -i status
The output will be;
Status: install ok installed
2. Now run the following command one after the other
# /etc/init.d/apparmor stop # /etc/init.d/apparmor teardown # update-rc.d -f apparmor remove
3. Update or reinstall bind9 packages using apt-get
# apt-get install bind9
4. Update the list of installed components in Plesk with the following command
# /opt/psa/admin/bin/packagemng --set-dirty-flag # /opt/psa/admin/bin/packagemng --list
After that go back to plesk admin panel, go to tools & settings under server management go to services management then restart bind from there.
After a week of using the plesk server i decided to update some programs using apt-get update and apt-get upgrade and there it was Bind9 update available but it failed install because of apparmor is enabled again. I got the below error
Stopping domain name service… bind9 [ OK ]* Starting domain name service… bind9 [fail]invoke-rc.d: initscript bind9, action “restart” failed.dpkg: error processing package bind9 (–configure):subprocess installed post-installation script returned error exit status 1Setting up usbutils (1:007-2ubuntu1.1) …Setting up cloud-init (0.7.5-0ubuntu1.17) …Leaving ‘diversion of /etc/init/ureadahead.conf to /etc/init/ureadahead.conf.disabled by cloud-init’Processing triggers for libc-bin (2.19-0ubuntu6.7) …Errors were encountered while processing:bind9E: Sub-process /usr/bin/dpkg returned an error code (1)
[62079.088894] type=1400 audit(1457566503.779:11): apparmor=”DENIED” operation=”open” profile=”/usr/sbin/named” name=”/var/named/run-root/etc/named.conf” pid=2627 comm=”named” requested_mask=”r” denied_mask=”r” fsuid=108 ouid=0
add the below text to the file;
# Allow Plesks configuration for bind9 to run with Apparmor peacefully /var/named/run-root/** rwm,
after that you need to reload the file so changes can take effects, using the following command;
# Reload Apparmor profile service apparmor reload # Start bind9, should work now service bind9 start
Now you need to restart Plesk Panel
service psa restart
Setting up bind9 (1:9.9.5.dfsg-3ubuntu0.8) …* Stopping domain name service… bind9 [ OK ]* Starting domain name service… bind9