How to allow bind in app armor?

[ 5909.432759] type=1400 audit(1344103797.021:146): apparmor="DENIED" operation="open" parent=8800 profile="/usr/sbin/named" name="/var/log/query.log" pid=8805 comm="named" requested_mask="ac" denied_mask="ac" fsuid=107 ouid=0

That’s because named isn’t allowed to write to the file /var/log/query.log. To solve this issue, open the local include for the apparmor profile of named (/etc/apparmor.d/local/usr.sbin.named), add this line:

/var/log/query.log rw,

Then run

sudo apparmor_parser -r /etc/apparmor.d/usr.sbin.named

to reload the profile.