This issue causes incomplete dhcp configuration to assign a stale IP that may already be leased to another device on the network.
The fix is to backport the AppArmor profile updates from https://launchpad.net/ubuntu/+source/isc-dhcp/4.2.4-7ubuntu14 diff -pruN 4.2.4-7ubuntu13/debian/apparmor-profile.dhclient 4.2.4-7ubuntu14/debian/apparmor-profile.dhclient --- 4.2.4-7ubuntu13/debian/apparmor-profile.dhclient 2014-06-25 12:05:29.000000000 +0000 +++ 4.2.4-7ubuntu14/debian/apparmor-profile.dhclient 2014-08-27 14:01:23.000000000 +0000 @@ -74,11 +74,15 @@ /var/lib/NetworkManager/*lease r, signal (receive) peer=/usr/sbin/NetworkManager, ptrace (readby) peer=/usr/sbin/NetworkManager, + network inet dgram, + network inet6 dgram, } /usr/lib/connman/scripts/dhclient-script { #include <abstractions/base> #include <abstractions/dbus> /usr/lib/connman/scripts/dhclient-script mr, + network inet dgram, + network inet6 dgram, } diff -pruN 4.2.4-7ubuntu13/debian/changelog 4.2.4-7ubuntu14/debian/changelog --- 4.2.4-7ubuntu13/debian/changelog 2014-06-25 12:31:57.000000000 +0000 +++ 4.2.4-7ubuntu14/debian/changelog 2014-08-27 14:04:04.000000000 +0000 @@ -1,3 +1,10 @@ +isc-dhcp (4.2.4-7ubuntu14) utopic; urgency=medium + + * debian/apparmor-profile.dhclient: add file_inherit inet{,6} dgram rules + for child profiles + + -- Jamie Strandboge <[email protected]> Wed, 27 Aug 2014 09:01:46 -0500 + isc-dhcp (4.2.4-7ubuntu13) utopic; urgency=medium * apparmor-profile.dhclient: allow signal receive and ptrace readby by -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor in Ubuntu. https://bugs.launchpad.net/bugs/1417658 Title: apparmor denied operation file_inherit from networkmanager Status in apparmor package in Ubuntu: Confirmed Bug description: Hallo, on Kubuntu 14.04.x dmesg shows me the following apparmor messages; Is this normal or is this a security issue together with network- manager? [ 16.171766] audit: type=1400 audit(1422595680.679:68): apparmor="DENIED" operation="file_inherit" profile="/usr/lib/NetworkManager/nm-dhcp-client.action" pid=2229 comm="nm-dhcp-client." lport=10320 family="inet" sock_type="dgram" protocol=17 [ 16.171772] audit: type=1400 audit(1422595680.679:69): apparmor="DENIED" operation="file_inherit" profile="/usr/lib/NetworkManager/nm-dhcp-client.action" pid=2229 comm="nm-dhcp-client." lport=21985 family="inet6" sock_type="dgram" protocol=17 [ 16.199936] audit: type=1400 audit(1422595680.707:70): apparmor="DENIED" operation="file_inherit" profile="/usr/lib/NetworkManager/nm-dhcp-client.action" pid=2246 comm="nm-dhcp-client." lport=10320 family="inet" sock_type="dgram" protocol=17 [ 16.199943] audit: type=1400 audit(1422595680.707:71): apparmor="DENIED" operation="file_inherit" profile="/usr/lib/NetworkManager/nm-dhcp-client.action" pid=2246 comm="nm-dhcp-client." lport=21985 family="inet6" sock_type="dgram" protocol=17 [ 16.201369] audit: type=1400 audit(1422595680.707:72): apparmor="DENIED" operation="file_inherit" profile="/usr/lib/NetworkManager/nm-dhcp-client.action" pid=2248 comm="nm-dhcp-client." lport=10320 family="inet" sock_type="dgram" protocol=17 [ 16.201379] audit: type=1400 audit(1422595680.707:73): apparmor="DENIED" operation="file_inherit" profile="/usr/lib/NetworkManager/nm-dhcp-client.action" pid=2248 comm="nm-dhcp-client." lport=21985 family="inet6" sock_type="dgram" protocol=17 [ 17.206342] audit: type=1400 audit(1422595681.711:74): apparmor="DENIED" operation="file_inherit" profile="/usr/lib/NetworkManager/nm-dhcp-client.action" pid=2468 comm="nm-dhcp-client." lport=10320 family="inet" sock_type="dgram" protocol=17 [ 17.206349] audit: type=1400 audit(1422595681.711:75): apparmor="DENIED" operation="file_inherit" profile="/usr/lib/NetworkManager/nm-dhcp-client.action" pid=2468 comm="nm-dhcp-client." lport=21985 family="inet6" sock_type="dgram" protocol=17 When I logon to KDE, KDE hangs sometimes for 3sec at the login- process , when there is no internet connection (DSL modem did not dial-in yet). Thanks for your help! Best regards, Bernhard To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1417658/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : [email protected] Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
