@norm-audrey as I read it the proposed fix does not contain a ''' character. It is the single line

  @{PROC}/sys/net/ipv4/ip_local_port_range r,

do you perhaps also copy the following line?

  'lsb_release -rd':

That would indeed result in the reported error.

I am not sure how the profile in comment #4 would fix the originally reported deny message except by causing dhcpd to not use the code path resulting in the denial.

As for the difference between the two profiles. They don't have a completely different form, both have evolved from a similar base so they have much in common but do have some differences.

The profile from https://github.com/Harvie/AppArmor-Profiles/blob/master/usr.sbin.dhcpd is an older version of the one carried by the upstream project https://gitlab.com/apparmor/apparmor/-/blob/master/profiles/apparmor/profiles/extras/usr.sbin.dhcpd.

Beyond whitespace differences I see

different conf file locations

  /etc/dhcpd.conf r,
  /etc/named.d/* r,

vs.

  /etc/dhcp/dhcpd.conf r,
  /etc/dhcp/dhcpd6.conf r,
  /etc/bind/* r,

broader lease location in the old upstream version

  /var/lib/dhcp/{db/,}dhcpd.leases* rwl,

vs.

  /var/lib/dhcp/dhcpd6.leases* rwl,

support for ipv6 leases in your version

  /var/lib/dhcp/{db/,}dhcpd.leases* rwl,

vs

  /var/lib/dhcp/dhcpd.leases* rwl,
  /var/lib/dhcp/dhcpd6.leases* rwl,

note: current upstream has broader leases and ipv6

  /var/lib/dhcp/{db/,}dhcpd{6,}.leases* rwl,

different pid file location

  /{,var/}run/dhcpd.pid wl

vs.

  /{,var/}run/dhcp-server/dhcpd.pid wl,

Some of this could come down to system configuration of dhcpd.

-- 
You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to isc-dhcp in Ubuntu.
https://bugs.launchpad.net/bugs/1901373

Title:
  isc-dhcp-server AppArmor Denied on /proc/sys/net/ipv4/ip_local_port_range

Status in isc-dhcp package in Ubuntu:
  Confirmed

Bug description:
  The following AppArmor denial errors are shown on startup:

  Oct 25 00:52:00 xxx kernel: [ 556.231990] audit: type=1400 audit(1603601520.710:32): apparmor="DENIED" operation="open" profile="/usr/sbin/dhcpd" name="/proc/sys/net/ipv4/ip_local_port_range" pid=1982 comm="dhcpd" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
  Oct 25 00:52:00 xxx kernel: [ 556.232257] audit: type=1400 audit(1603601520.710:33): apparmor="DENIED" operation="open" profile="/usr/sbin/dhcpd" name="/proc/sys/net/ipv4/ip_local_port_range" pid=1982 comm="dhcpd" requested_mask="r" denied_mask="r" fsuid=0 ouid=0

  Fix is to edit /etc/apparmor.d/local/usr.sbin.dhcpd to have:

  @{PROC}/sys/net/ipv4/ip_local_port_range r,

  'lsb_release -rd':

  Description: Ubuntu 20.04.1 LTS
  Release: 20.04

  isc-dhcp-server:
    Installed: 4.4.1-2.1ubuntu5
    Candidate: 4.4.1-2.1ubuntu5
    Version table:
   *** 4.4.1-2.1ubuntu5 500
          500 http://us.archive.ubuntu.com/ubuntu focal/main amd64 Packages
          100 /var/lib/dpkg/status

  apparmor:
    Installed: 2.13.3-7ubuntu5.1
    Candidate: 2.13.3-7ubuntu5.1
    Version table:
   *** 2.13.3-7ubuntu5.1 500
          500 http://us.archive.ubuntu.com/ubuntu focal-updates/main amd64 Packages
          100 /var/lib/dpkg/status
       2.13.3-7ubuntu5 500
          500 http://us.archive.ubuntu.com/ubuntu focal/main amd64 Packages
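
Added example (not part of the original message, and not code from the AppArmor or Ubuntu projects): a small parser that turns the audit denials quoted in the bug description into candidate rules for the local include file. All function names are hypothetical, and the mapping from profile name to `/etc/apparmor.d/local/` file name is an assumption based on the path shown in the bug description.

```python
import re

# The two denial records quoted in the bug description, plus one constructed
# unrelated kernel line to show that non-AppArmor records are skipped.
SAMPLE_LOG = '''\
Oct 25 00:52:00 xxx kernel: [ 556.231990] audit: type=1400 audit(1603601520.710:32): apparmor="DENIED" operation="open" profile="/usr/sbin/dhcpd" name="/proc/sys/net/ipv4/ip_local_port_range" pid=1982 comm="dhcpd" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
Oct 25 00:52:00 xxx kernel: [ 556.232257] audit: type=1400 audit(1603601520.710:33): apparmor="DENIED" operation="open" profile="/usr/sbin/dhcpd" name="/proc/sys/net/ipv4/ip_local_port_range" pid=1982 comm="dhcpd" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
Oct 25 00:52:01 xxx kernel: [ 556.300000] constructed: unrelated message
'''

KV = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

def parse_denial(line):
    """Return the key/value fields of an AppArmor DENIED record, else None."""
    fields = {key: quoted or bare for key, quoted, bare in KV.findall(line)}
    if fields.get("apparmor") != "DENIED" or "name" not in fields:
        return None
    return fields

def rule_perms(mask):
    """Translate a denied_mask into rule permissions (c/d are granted by w)."""
    perms = {"w" if ch in "cd" else ch for ch in mask}
    if "x" in perms:
        raise ValueError("exec denials need a hand-picked transition mode")
    if "w" in perms:
        perms.discard("a")  # w and a cannot be combined in one rule
    return "".join(p for p in "rwaklm" if p in perms)

def to_rule(fields):
    """Build a file rule, writing /proc paths with @{PROC} as the fix does."""
    path = fields["name"]
    if path.startswith("/proc/"):
        path = "@{PROC}/" + path[len("/proc/"):]
    return f"{path} {rule_perms(fields['denied_mask'])},"

def local_include(profile):
    """Assumed naming: /usr/sbin/dhcpd -> /etc/apparmor.d/local/usr.sbin.dhcpd."""
    return "/etc/apparmor.d/local/" + profile.strip("/").replace("/", ".")

def suggest_rules(log_text):
    """Map each local include file to its de-duplicated candidate rules."""
    rules = {}
    for fields in filter(None, map(parse_denial, log_text.splitlines())):
        bucket = rules.setdefault(local_include(fields["profile"]), [])
        if (rule := to_rule(fields)) not in bucket:
            bucket.append(rule)
    return rules

if __name__ == "__main__":
    print(suggest_rules(SAMPLE_LOG))
```

Each candidate is a single rule line ending in a comma; review it before adding it to the local include so the profile is not widened beyond what the service needs.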