[Touch-packages] [Bug 1540672] Re: [xenial] dhcp server does not work with apparmor enabled
*** This bug is a duplicate of bug 1543794 *** https://bugs.launchpad.net/bugs/1543794 Yes, I think bug #1543794 is a duplicate. ** This bug has been marked a duplicate of bug 1543794 isc-dhcp-server fails to start on second & further attempts with 'Can't open /var/lib/dhcp/dhcpd.leases for append' -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to isc-dhcp in Ubuntu. https://bugs.launchpad.net/bugs/1540672 Title: [xenial] dhcp server does not work with apparmor enabled Status in isc-dhcp package in Ubuntu: Incomplete Bug description: I only seem to be able to make my dhcp server work properly by disabling apparmor. With apparmor enabled it seems to complain that it is unable to open the leases file for append. With apparmor either disabled completely (via linux command line in grub), or set to complain mode for /usr/sbin/dhcpd, the dhcp server appears to work fine (so far). Observed with 2.10-0ubuntu11, and 2.10-0ubuntu12 (from the update of today). I do not know about any previous version, as this is my first attempt with xenial at setting up a dhcp server. My system is being built fresh from the daily Ubuntu server AMD64 ISO of 2016.01.30. The hard disk is new, as the old one (12.04 server) failed. I do not know if it is relevant, but I do notice an edit date of 2016.01.25 in /etc/apparmor.d/usr.sbin.dhcpd The main problem log line: kernel: [ 22.629981] audit: type=1400 audit(1454368046.405:10): apparmor="DENIED" operation="capable" profile="/usr/sbin/dhcpd" pid=1198 comm="dhcpd" capability=1 capname="dac_override" To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/isc-dhcp/+bug/1540672/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1540672] Re: [xenial] dhcp server does not work with apparmor enabled
Doug, regarding note 2, that is a separate bug-- this is a denial for 'named', the daemon from the bind9 package. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to isc-dhcp in Ubuntu. https://bugs.launchpad.net/bugs/1540672 Title: [xenial] dhcp server does not work with apparmor enabled Status in isc-dhcp package in Ubuntu: Incomplete Bug description: I only seem to be able to make my dhcp server work properly by disabling apparmor. With apparmor enabled it seems to complain that it is unable to open the leases file for append. With apparmor either disabled completely (via linux command line in grub), or set to complain mode for /usr/sbin/dhcpd, the dhcp server appears to work fine (so far). Observed with 2.10-0ubuntu11, and 2.10-0ubuntu12 (from the update of today). I do not know about any previous version, as this is my first attempt with xenial at setting up a dhcp server. My system is being built fresh from the daily Ubuntu server AMD64 ISO of 2016.01.30. The hard disk is new, as the old one (12.04 server) failed. I do not know if it is relevant, but I do notice an edit date of 2016.01.25 in /etc/apparmor.d/usr.sbin.dhcpd The main problem log line: kernel: [ 22.629981] audit: type=1400 audit(1454368046.405:10): apparmor="DENIED" operation="capable" profile="/usr/sbin/dhcpd" pid=1198 comm="dhcpd" capability=1 capname="dac_override" To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/isc-dhcp/+bug/1540672/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1540672] Re: [xenial] dhcp server does not work with apparmor enabled
Doug, as for note 1, is bug #1543794 a duplicate? It has more information regarding the problem. ** Changed in: isc-dhcp (Ubuntu) Status: Confirmed => Incomplete -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to isc-dhcp in Ubuntu. https://bugs.launchpad.net/bugs/1540672 Title: [xenial] dhcp server does not work with apparmor enabled Status in isc-dhcp package in Ubuntu: Incomplete Bug description: I only seem to be able to make my dhcp server work properly by disabling apparmor. With apparmor enabled it seems to complain that it is unable to open the leases file for append. With apparmor either disabled completely (via linux command line in grub), or set to complain mode for /usr/sbin/dhcpd, the dhcp server appears to work fine (so far). Observed with 2.10-0ubuntu11, and 2.10-0ubuntu12 (from the update of today). I do not know about any previous version, as this is my first attempt with xenial at setting up a dhcp server. My system is being built fresh from the daily Ubuntu server AMD64 ISO of 2016.01.30. The hard disk is new, as the old one (12.04 server) failed. I do not know if it is relevant, but I do notice an edit date of 2016.01.25 in /etc/apparmor.d/usr.sbin.dhcpd The main problem log line: kernel: [ 22.629981] audit: type=1400 audit(1454368046.405:10): apparmor="DENIED" operation="capable" profile="/usr/sbin/dhcpd" pid=1198 comm="dhcpd" capability=1 capname="dac_override" To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/isc-dhcp/+bug/1540672/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1540672] Re: [xenial] dhcp server does not work with apparmor enabled
Note 1: isc-dhcp-server 4.3.3-5ubuntu8 does not fix this issue. Note 2: There seems to be other apparmor issues, one of which was fixed by isc-dhcp-client 4.3.3-5ubuntu8. The other remaining one is with named: Feb 27 07:53:07 DOUG-64 kernel: [ 21.320614] audit: type=1400 audit(1456588387.143:11): apparmor="DENIED" operation="open" profile="/usr/sbin/named" name="/proc/sys/net/ipv4/ip_local_port_range" pid=1345 comm="named" requested_mask="r" denied_mask="r" fsuid=109 ouid=0 but if I set that one to "complain" my system crashes during re-boot. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to isc-dhcp in Ubuntu. https://bugs.launchpad.net/bugs/1540672 Title: [xenial] dhcp server does not work with apparmor enabled Status in isc-dhcp package in Ubuntu: Confirmed Bug description: I only seem to be able to make my dhcp server work properly by disabling apparmor. With apparmor enabled it seems to complain that it is unable to open the leases file for append. With apparmor either disabled completely (via linux command line in grub), or set to complain mode for /usr/sbin/dhcpd, the dhcp server appears to work fine (so far). Observed with 2.10-0ubuntu11, and 2.10-0ubuntu12 (from the update of today). I do not know about any previous version, as this is my first attempt with xenial at setting up a dhcp server. My system is being built fresh from the daily Ubuntu server AMD64 ISO of 2016.01.30. The hard disk is new, as the old one (12.04 server) failed. I do not know if it is relevant, but I do notice an edit date of 2016.01.25 in /etc/apparmor.d/usr.sbin.dhcpd The main problem log line: kernel: [ 22.629981] audit: type=1400 audit(1454368046.405:10): apparmor="DENIED" operation="capable" profile="/usr/sbin/dhcpd" pid=1198 comm="dhcpd" capability=1 capname="dac_override" To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/isc-dhcp/+bug/1540672/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1540672] Re: [xenial] dhcp server does not work with apparmor enabled
I am suggesting that the issue was fixed by this: 2016-02-17 17:24:06 upgrade isc-dhcp-server:amd64 4.3.3-5ubuntu4 4.3.3-5ubuntu5 And then broken again by this: 2016-02-26 08:22:59 upgrade isc-dhcp-server:amd64 4.3.3-5ubuntu5 4.3.3-5ubuntu7 -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to isc-dhcp in Ubuntu. https://bugs.launchpad.net/bugs/1540672 Title: [xenial] dhcp server does not work with apparmor enabled Status in isc-dhcp package in Ubuntu: Confirmed Bug description: I only seem to be able to make my dhcp server work properly by disabling apparmor. With apparmor enabled it seems to complain that it is unable to open the leases file for append. With apparmor either disabled completely (via linux command line in grub), or set to complain mode for /usr/sbin/dhcpd, the dhcp server appears to work fine (so far). Observed with 2.10-0ubuntu11, and 2.10-0ubuntu12 (from the update of today). I do not know about any previous version, as this is my first attempt with xenial at setting up a dhcp server. My system is being built fresh from the daily Ubuntu server AMD64 ISO of 2016.01.30. The hard disk is new, as the old one (12.04 server) failed. I do not know if it is relevant, but I do notice an edit date of 2016.01.25 in /etc/apparmor.d/usr.sbin.dhcpd The main problem log line: kernel: [ 22.629981] audit: type=1400 audit(1454368046.405:10): apparmor="DENIED" operation="capable" profile="/usr/sbin/dhcpd" pid=1198 comm="dhcpd" capability=1 capname="dac_override" To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/isc-dhcp/+bug/1540672/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1540672] Re: [xenial] dhcp server does not work with apparmor enabled
I can not seem to run the requested command. I just get this: ubuntu-bug 1540672 No pending crash reports. Try --help for more information. Note: while experienced at bug reports and such, I have never ever successfully run any of the collect stuff. ** Attachment added: "the requested file" https://bugs.launchpad.net/ubuntu/+source/isc-dhcp/+bug/1540672/+attachment/4581937/+files/usr.sbin.dhcpd.002 ** Changed in: isc-dhcp (Ubuntu) Status: Incomplete => Confirmed -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to isc-dhcp in Ubuntu. https://bugs.launchpad.net/bugs/1540672 Title: [xenial] dhcp server does not work with apparmor enabled Status in isc-dhcp package in Ubuntu: Confirmed Bug description: I only seem to be able to make my dhcp server work properly by disabling apparmor. With apparmor enabled it seems to complain that it is unable to open the leases file for append. With apparmor either disabled completely (via linux command line in grub), or set to complain mode for /usr/sbin/dhcpd, the dhcp server appears to work fine (so far). Observed with 2.10-0ubuntu11, and 2.10-0ubuntu12 (from the update of today). I do not know about any previous version, as this is my first attempt with xenial at setting up a dhcp server. My system is being built fresh from the daily Ubuntu server AMD64 ISO of 2016.01.30. The hard disk is new, as the old one (12.04 server) failed. I do not know if it is relevant, but I do notice an edit date of 2016.01.25 in /etc/apparmor.d/usr.sbin.dhcpd The main problem log line: kernel: [ 22.629981] audit: type=1400 audit(1454368046.405:10): apparmor="DENIED" operation="capable" profile="/usr/sbin/dhcpd" pid=1198 comm="dhcpd" capability=1 capname="dac_override" To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/isc-dhcp/+bug/1540672/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1540672] Re: [xenial] dhcp server does not work with apparmor enabled
This issue has returned. I'll supply the extra requested information as soon as I can. ** Changed in: isc-dhcp (Ubuntu) Status: Fix Released => Incomplete -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to isc-dhcp in Ubuntu. https://bugs.launchpad.net/bugs/1540672 Title: [xenial] dhcp server does not work with apparmor enabled Status in isc-dhcp package in Ubuntu: Incomplete Bug description: I only seem to be able to make my dhcp server work properly by disabling apparmor. With apparmor enabled it seems to complain that it is unable to open the leases file for append. With apparmor either disabled completely (via linux command line in grub), or set to complain mode for /usr/sbin/dhcpd, the dhcp server appears to work fine (so far). Observed with 2.10-0ubuntu11, and 2.10-0ubuntu12 (from the update of today). I do not know about any previous version, as this is my first attempt with xenial at setting up a dhcp server. My system is being built fresh from the daily Ubuntu server AMD64 ISO of 2016.01.30. The hard disk is new, as the old one (12.04 server) failed. I do not know if it is relevant, but I do notice an edit date of 2016.01.25 in /etc/apparmor.d/usr.sbin.dhcpd The main problem log line: kernel: [ 22.629981] audit: type=1400 audit(1454368046.405:10): apparmor="DENIED" operation="capable" profile="/usr/sbin/dhcpd" pid=1198 comm="dhcpd" capability=1 capname="dac_override" To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/isc-dhcp/+bug/1540672/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1540672] Re: [xenial] dhcp server does not work with apparmor enabled
Oh, I see there was an update to this stuff a few minutes ago. It seems to fix the issue. I couldn't find the original profile file in any source package nor could I find any bizzare branch on launchpad, so I installed it on another server and copied the file back to the problem server, /etc/apparmor.d/usr.sbin.dhcpd. ** Changed in: isc-dhcp (Ubuntu) Status: Incomplete => Fix Released -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to isc-dhcp in Ubuntu. https://bugs.launchpad.net/bugs/1540672 Title: [xenial] dhcp server does not work with apparmor enabled Status in isc-dhcp package in Ubuntu: Fix Released Bug description: I only seem to be able to make my dhcp server work properly by disabling apparmor. With apparmor enabled it seems to complain that it is unable to open the leases file for append. With apparmor either disabled completely (via linux command line in grub), or set to complain mode for /usr/sbin/dhcpd, the dhcp server appears to work fine (so far). Observed with 2.10-0ubuntu11, and 2.10-0ubuntu12 (from the update of today). I do not know about any previous version, as this is my first attempt with xenial at setting up a dhcp server. My system is being built fresh from the daily Ubuntu server AMD64 ISO of 2016.01.30. The hard disk is new, as the old one (12.04 server) failed. I do not know if it is relevant, but I do notice an edit date of 2016.01.25 in /etc/apparmor.d/usr.sbin.dhcpd The main problem log line: kernel: [ 22.629981] audit: type=1400 audit(1454368046.405:10): apparmor="DENIED" operation="capable" profile="/usr/sbin/dhcpd" pid=1198 comm="dhcpd" capability=1 capname="dac_override" To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/isc-dhcp/+bug/1540672/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1540672] Re: [xenial] dhcp server does not work with apparmor enabled
Yes, I am seeing this issue with an up to date Xenial (well, updated yesterday). I can not undo the changes to the profile. Why not? Because I didn't know that aa-logprof didn't make a backup file before messing with the file, and I had not saved one myself. However, I'll see if I can find it elsewhere. I suspect you meant to say "duplicate of bug 1543794" which myself it think it is the other way around. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to isc-dhcp in Ubuntu. https://bugs.launchpad.net/bugs/1540672 Title: [xenial] dhcp server does not work with apparmor enabled Status in isc-dhcp package in Ubuntu: Incomplete Bug description: I only seem to be able to make my dhcp server work properly by disabling apparmor. With apparmor enabled it seems to complain that it is unable to open the leases file for append. With apparmor either disabled completely (via linux command line in grub), or set to complain mode for /usr/sbin/dhcpd, the dhcp server appears to work fine (so far). Observed with 2.10-0ubuntu11, and 2.10-0ubuntu12 (from the update of today). I do not know about any previous version, as this is my first attempt with xenial at setting up a dhcp server. My system is being built fresh from the daily Ubuntu server AMD64 ISO of 2016.01.30. The hard disk is new, as the old one (12.04 server) failed. I do not know if it is relevant, but I do notice an edit date of 2016.01.25 in /etc/apparmor.d/usr.sbin.dhcpd The main problem log line: kernel: [ 22.629981] audit: type=1400 audit(1454368046.405:10): apparmor="DENIED" operation="capable" profile="/usr/sbin/dhcpd" pid=1198 comm="dhcpd" capability=1 capname="dac_override" To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/isc-dhcp/+bug/1540672/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1540672] Re: [xenial] dhcp server does not work with apparmor enabled
This seems like a duplicate of bug #1540672, but there isn't enough information in this bug. Are you still seeing this with up to date xenial? Can you undo the changes to the profile and perform 'ubuntu-bug 1540672' so that more information can be attached to this bug? Also, please attach your profile after undoing the changes. ** No longer affects: apparmor (Ubuntu) ** Tags added: apparmor ** Changed in: isc-dhcp (Ubuntu) Status: New => Incomplete -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor in Ubuntu. https://bugs.launchpad.net/bugs/1540672 Title: [xenial] dhcp server does not work with apparmor enabled Status in isc-dhcp package in Ubuntu: Incomplete Bug description: I only seem to be able to make my dhcp server work properly by disabling apparmor. With apparmor enabled it seems to complain that it is unable to open the leases file for append. With apparmor either disabled completely (via linux command line in grub), or set to complain mode for /usr/sbin/dhcpd, the dhcp server appears to work fine (so far). Observed with 2.10-0ubuntu11, and 2.10-0ubuntu12 (from the update of today). I do not know about any previous version, as this is my first attempt with xenial at setting up a dhcp server. My system is being built fresh from the daily Ubuntu server AMD64 ISO of 2016.01.30. The hard disk is new, as the old one (12.04 server) failed. I do not know if it is relevant, but I do notice an edit date of 2016.01.25 in /etc/apparmor.d/usr.sbin.dhcpd The main problem log line: kernel: [ 22.629981] audit: type=1400 audit(1454368046.405:10): apparmor="DENIED" operation="capable" profile="/usr/sbin/dhcpd" pid=1198 comm="dhcpd" capability=1 capname="dac_override" To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/isc-dhcp/+bug/1540672/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1540672] Re: [xenial] dhcp server does not work with apparmor enabled
I used aa-logprof and it came up with the the attached file. Now I can run apparmour in enforce mode. i.e. "sudo aa-enforce /usr/sbin/dhcpd" ** Attachment added: "an apparmour profile with changes so that it works" https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1540672/+attachment/4573987/+files/usr.sbin.dhcpd -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor in Ubuntu. https://bugs.launchpad.net/bugs/1540672 Title: [xenial] dhcp server does not work with apparmor enabled Status in apparmor package in Ubuntu: New Status in isc-dhcp package in Ubuntu: New Bug description: I only seem to be able to make my dhcp server work properly by disabling apparmor. With apparmor enabled it seems to complain that it is unable to open the leases file for append. With apparmor either disabled completely (via linux command line in grub), or set to complain mode for /usr/sbin/dhcpd, the dhcp server appears to work fine (so far). Observed with 2.10-0ubuntu11, and 2.10-0ubuntu12 (from the update of today). I do not know about any previous version, as this is my first attempt with xenial at setting up a dhcp server. My system is being built fresh from the daily Ubuntu server AMD64 ISO of 2016.01.30. The hard disk is new, as the old one (12.04 server) failed. I do not know if it is relevant, but I do notice an edit date of 2016.01.25 in /etc/apparmor.d/usr.sbin.dhcpd The main problem log line: kernel: [ 22.629981] audit: type=1400 audit(1454368046.405:10): apparmor="DENIED" operation="capable" profile="/usr/sbin/dhcpd" pid=1198 comm="dhcpd" capability=1 capname="dac_override" To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1540672/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1540672] Re: [xenial] dhcp server does not work with apparmor enabled
I gather I was supposed to file this under isc-dhcp instead of apparmour. ** Also affects: isc-dhcp (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor in Ubuntu. https://bugs.launchpad.net/bugs/1540672 Title: [xenial] dhcp server does not work with apparmor enabled Status in apparmor package in Ubuntu: New Status in isc-dhcp package in Ubuntu: New Bug description: I only seem to be able to make my dhcp server work properly by disabling apparmor. With apparmor enabled it seems to complain that it is unable to open the leases file for append. With apparmor either disabled completely (via linux command line in grub), or set to complain mode for /usr/sbin/dhcpd, the dhcp server appears to work fine (so far). Observed with 2.10-0ubuntu11, and 2.10-0ubuntu12 (from the update of today). I do not know about any previous version, as this is my first attempt with xenial at setting up a dhcp server. My system is being built fresh from the daily Ubuntu server AMD64 ISO of 2016.01.30. The hard disk is new, as the old one (12.04 server) failed. I do not know if it is relevant, but I do notice an edit date of 2016.01.25 in /etc/apparmor.d/usr.sbin.dhcpd The main problem log line: kernel: [ 22.629981] audit: type=1400 audit(1454368046.405:10): apparmor="DENIED" operation="capable" profile="/usr/sbin/dhcpd" pid=1198 comm="dhcpd" capability=1 capname="dac_override" To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1540672/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
