However, the service still couldn't create a PID-file after a reboot. So
I tweaked a little bit longer.
It turns out that the isc-dhcp-server is started before the temporary
filesystem "/run".
The lines "Wants=local-fs.target", "After=local-fs.target" and "sleep 3 ; \"
solves that.
Security by apparmor requires the creation of the PID-file in
"/{,var/}run/{,dhcp-server/}dhcpd{,6}.pid rw,". The lines
"if [ ! -d /run/dhcp-server ]; then mkdir -p /run/dhcp-server; fi; \"
"chown root:dhcpd /run/dhcp-server; \"
"chmod ug=rwx,o=rx /run/dhcp-server; \"
"sleep 1; \"
enables this.
This tweaking resulted in the following "/etc/systemd/system/isc-dhcp-
server.services" file.
========================================================
[Unit]
Description=ISC DHCP IPv4 server
Documentation=man:dhcpd(8)
Wants=network-online.target
Wants=local-fs.target
After=network-online.target
After=local-fs.target
After=time-sync.target
ConditionPathExists=/etc/default/isc-dhcp-server
ConditionPathIsMountPoint=/run
ConditionPathExists=|/etc/ltsp/dhcpd.conf
ConditionPathExists=|/etc/dhcp/dhcpd.conf
[Service]
EnvironmentFile=/etc/default/isc-dhcp-server
RuntimeDirectory=dhcp-server
# The leases files need to be root:dhcpd even when dropping privileges
ExecStart=/bin/sh -ec '\
sleep 3 ; \
CONFIG_FILE=/etc/dhcp/dhcpd.conf; \
if [ -f /etc/ltsp/dhcpd.conf ]; then CONFIG_FILE=/etc/ltsp/dhcpd.conf; fi; \
if [ ! -d /run/dhcp-server ]; then mkdir -p /run/dhcp-server; fi; \
chown root:dhcpd /run/dhcp-server; \
chmod ug=rwx,o=rx /run/dhcp-server; \
sleep 1; \
if [ ! "$DHCPDv4_PID" ] ; then DHCPDv4_PID=/run/dhcp-server/dhcpd.pid; fi; \
[ -e /var/lib/dhcp/dhcpd.leases ] || touch /var/lib/dhcp/dhcpd.leases; \
chown root:dhcpd /var/lib/dhcp /var/lib/dhcp/dhcpd.leases; \
chmod 775 /var/lib/dhcp ; chmod 664 /var/lib/dhcp/dhcpd.leases; \
exec dhcpd -user dhcpd -group dhcpd -f -4 -pf $DHCPDv4_PID -cf $CONFIG_FILE
$INTERFACESv4'
[Install]
WantedBy=multi-user.target
==================================================
I hope this helps. Any suggestion to improve this service-file is
appreciated :)
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to isc-dhcp in Ubuntu.
https://bugs.launchpad.net/bugs/1448657
Title:
isc-dhcp-server: Can't create PID file /run/dhcp-server/dhcpd.pid:
Permission denied
Status in isc-dhcp package in Ubuntu:
Confirmed
Bug description:
Just upgraded from 14-10 to 15-04, and now see the following in
syslog:
Apr 26 10:50:08 server kernel: [70470.960718] audit: type=1400
audit(1430045408.725:8): apparmor="DENIED" operation="capable"
profile="/usr/sbin/dhcpd" pid=8619 comm="dhcpd" capability=1 capname="dac_ove
rride"
Apr 26 10:50:08 server sh[8619]: Can't create PID file
/run/dhcp-server/dhcpd.pid: Permission denied.
Description: Ubuntu 15.04
Release: 15.04
isc-dhcp-server:
Installed: 4.3.1-5ubuntu2
----------- 8x -----------------
# cat /etc/default/isc-dhcp-server
# Defaults for isc-dhcp-server initscript
# sourced by /etc/init.d/isc-dhcp-server
# installed at /etc/default/isc-dhcp-server by the maintainer scripts
#
# This is a POSIX shell fragment
#
# Path to dhcpd's config file (default: /etc/dhcp/dhcpd.conf).
#DHCPD_CONF=/etc/dhcp/dhcpd.conf
# Path to dhcpd's PID file (default: /var/run/dhcpd.pid).
#DHCPD_PID=/var/run/dhcpd.pid
# Additional options to start dhcpd with.
# Don't use options -cf or -pf here; use DHCPD_CONF/ DHCPD_PID instead
#OPTIONS=""
# On what interfaces should the DHCP server (dhcpd) serve DHCP requests?
# Separate multiple interfaces with spaces, e.g. "eth0 eth1".
INTERFACES=""
----------- 8x -----------------
# ls -la /var/run
lrwxrwxrwx 1 root root 4 Oct 24 2013 /var/run -> /run
# ls -la /run/dhcp-server/
total 0
drwxr-xr-x 2 dhcpd dhcpd 40 Apr 26 10:59 .
drwxr-xr-x 34 root root 1060 Apr 26 11:33 ..
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/isc-dhcp/+bug/1448657/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
