I would hope that

  $ sudo /sbin/dhclient -1 -v -lf /run/cloud-init/tmp/cloud-init-dhcp-bs6g4xkw/dhcp.leases -pf /run/cloud-init/tmp/cloud-init-dhcp-bs6g4xkw/dhclient.pid eth0 -sf /bin/true

should work fine.

And if /run/cloud-init/tmp/dhclient is not just a copy of
/sbin/dhclient, then it should be shipped in the package as
/usr/lib/cloud-init/dhclient or some-such, with an apparmor profile
applied to it.

dhclient is something that could be remotely exploited, thus protecting
it - even if for cloud-init Ec2Local initialisation - would be nice.

Can you attach the contents of /run/cloud-init/tmp/dhclient? Can you
elaborate on "in order to avoid apparmor restrictions and side affects"?
Is this in fact a bug in Ubuntu stock apparmor profiles?

** Information type changed from Public to Public Security
** Changed in: cloud-init (Ubuntu)
Assignee: (unassigned) => Ubuntu Security Team (ubuntu-security)
https://bugs.launchpad.net/bugs/1717627
Title:
permission denied when executing dhclient in Ec2 datasource