Your message dated Thu, 10 Apr 2025 13:52:14 +0000
with message-id <[email protected]>
and subject line Bug#1055067: fixed in isc-dhcp 4.4.3-P1-6
has caused the Debian Bug report #1055067,
regarding isc-dhcp-client: network-manager 1.44.2-3 changed path to
nm-dhcp-helper, apparmor need update
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1055067: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1055067
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: isc-dhcp-client
Version: 4.4.3-P1-4
Severity: normal
Dear Maintainer,
I am using network manager with /etc/NetworkManager/NetworkManager.conf
[main]
dhcp=dhclient
and thus using isc-dhcp-client as my DHCP client.
With the update of network-manager 1.44.2-3 the nm-dhcp-helper moved
from /usr/lib/NetworkManager/ to /usr/libexec/.
Without a fix to /etc/apparmor.d/sbin.dhclient the system now fails to
activate interfaces using DHCP, logging
audit: type=1400 audit(1698680734.539:50): apparmor="DENIED" operation="exec"
class="file" profile="/{,usr/}sbin/dhclient" name="/usr/libexec/nm-dhcp-helper"
pid=7523 comm="dhclient" requested_mask="x" denied_mask="x" fsuid=0 ouid=0
The following diff fixes it for me - just duplicating the existing
rules to the new path:
diff --git a/etc/apparmor.d/sbin.dhclient b/etc/apparmor.d/sbin.dhclient
index 1acc6b92..b219d688 100644
--- a/etc/apparmor.d/sbin.dhclient
+++ b/etc/apparmor.d/sbin.dhclient
@@ -69,6 +69,8 @@
# Support the new executable helper from NetworkManager.
/usr/lib/NetworkManager/nm-dhcp-helper Pxrm,
signal (receive) peer=/usr/lib/NetworkManager/nm-dhcp-helper,
+ /usr/libexec/nm-dhcp-helper Pxrm,
+ signal (receive) peer=/usr/libexec/nm-dhcp-helper,
# Site-specific additions and overrides. See local/README for details.
#include <local/sbin.dhclient>
@@ -101,6 +103,21 @@
network inet6 dgram,
}
+/usr/libexec/nm-dhcp-helper {
+ #include <abstractions/base>
+ #include <abstractions/dbus>
+ /usr/libexec/nm-dhcp-helper mr,
+
+ /run/NetworkManager/private-dhcp rw,
+ signal (send) peer=/sbin/dhclient,
+
+ /var/lib/NetworkManager/*lease r,
+ signal (receive) peer=/usr/sbin/NetworkManager,
+ ptrace (readby) peer=/usr/sbin/NetworkManager,
+ network inet dgram,
+ network inet6 dgram,
+}
+
/usr/lib/connman/scripts/dhclient-script {
#include <abstractions/base>
#include <abstractions/dbus>
Greetings,
Sven
-- System Information:
Debian Release: trixie/sid
APT prefers unstable
APT policy: (500, 'unstable'), (101, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 6.5.0-3-amd64 (SMP w/8 CPU threads; PREEMPT)
Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE=en_US
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages isc-dhcp-client depends on:
ii debianutils 5.14
ii iproute2 6.5.0-5
ii libc6 2.37-12
Versions of packages isc-dhcp-client recommends:
ii isc-dhcp-common 4.4.3-P1-4
Versions of packages isc-dhcp-client suggests:
pn avahi-autoipd <none>
pn isc-dhcp-client-ddns <none>
ii resolvconf 1.91+nmu1
-- Configuration Files:
/etc/apparmor.d/sbin.dhclient changed [not included]
/etc/dhcp/dhclient.conf changed [not included]
-- no debconf information
--- End Message ---
--- Begin Message ---
Source: isc-dhcp
Source-Version: 4.4.3-P1-6
Done: Santiago Ruano Rincón <[email protected]>
We believe that the bug you reported is fixed in the latest version of
isc-dhcp, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Santiago Ruano Rincón <[email protected]> (supplier of updated isc-dhcp
package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Wed, 09 Apr 2025 16:07:51 -0300
Source: isc-dhcp
Architecture: source
Version: 4.4.3-P1-6
Distribution: unstable
Urgency: low
Maintainer: Debian ISC DHCP Maintainers <[email protected]>
Changed-By: Santiago Ruano Rincón <[email protected]>
Closes: 1055067 1102021
Changes:
isc-dhcp (4.4.3-P1-6) unstable; urgency=low
.
* Rename and update debian/apparmor/usr.sbin.dhclient to follow new
nm-dhcp-helper path (Closes: #1055067)
* Add information about the EOL in the packages description (Closes:
#1102021)
Checksums-Sha1:
aa6c6e0bd85da88001c1d9cd2f41a7313c256c12 2286 isc-dhcp_4.4.3-P1-6.dsc
85257e43f86dbd6054dd4b2d1f37ec2e2463f5f4 105416
isc-dhcp_4.4.3-P1-6.debian.tar.xz
b884d19a9cafeb7fc6402c49c419d3987ab8ebf6 10053
isc-dhcp_4.4.3-P1-6_amd64.buildinfo
Checksums-Sha256:
afee2ad17db0c09a8488c0227abc81cc10c709eaf143a08d76916cda824d57bd 2286
isc-dhcp_4.4.3-P1-6.dsc
1bfdf0e895c0d961a7483e6324110eb6383ef8e7ad174c9d55e479891b461a23 105416
isc-dhcp_4.4.3-P1-6.debian.tar.xz
3a8a8d7385bca0296fb61defb7ced7e61f1c1b0519a7d9769bf8c2c2d2e636f1 10053
isc-dhcp_4.4.3-P1-6_amd64.buildinfo
Files:
bb593d5515964bc489b3c2afc95dcb93 2286 net important isc-dhcp_4.4.3-P1-6.dsc
e77eefcf63e6df17453f09142b413d10 105416 net important
isc-dhcp_4.4.3-P1-6.debian.tar.xz
1ad9a25ba9564adddf83d73393978048 10053 net important
isc-dhcp_4.4.3-P1-6_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iIoEARYKADIWIQR+lHTq7mkJOyB6t2Un3j1FEEiG7wUCZ/fH1xQcc2FudGlhZ29A
ZGViaWFuLm9yZwAKCRAn3j1FEEiG77V2APwJhqwuIcceJYMXafNq+O4rY41w/56k
1QRUZhbcGMZJrAD+IXWQYUVtcDxk1JAXCZXuwejhXVIMNeYmS6U38l+qLgs=
=yCF2
-----END PGP SIGNATURE-----
pgpNP9YkuFPw0.pgp
Description: PGP signature
--- End Message ---
