Public bug reported:
I can't start isc-dhcp-server with apparmor enabled.
I set a custom leases file in the dhcpd.conf:
lease-file-name "/test/var/lib/dhcp/dhcpd.leases";
and created a custom apparmor profile for that in
/etc/apparmor.d/local/usr.sbin.dhcpd:
/test/var/lib/dhcp/dhcpd{,6}.leases* lrw,
But when I try to start I see the following errors from dhcpd:
Internet Systems Consortium DHCP Server 4.3.5
Copyright 2004-2016 Internet Systems Consortium.
All rights reserved.
For info, please visit https://www.isc.org/software/dhcp/
Config file: /etc/dhcp/dhcpd.conf
Database file: /test/var/lib/dhcp/dhcpd.leases
PID file: /run/dhcp-server/dhcpd.pid
Can't open /test/var/lib/dhcp/dhcpd.leases for append.
If you think you have received this message due to a bug rather
than a configuration issue please read the section on submitting
bugs on either our web page at www.isc.org or in the README file
before submitting a bug. These pages explain the proper
process and the information we find helpful for debugging..
exiting.
And in the messages log I can see errors like this:
Apr 9 17:07:03.601 myhost dhcpd[27361]: Can't open /test/var/lib/dhcp/dhcpd.leases for append.
Apr 9 17:07:03.601 myhost dhcpd[27361]:
Apr 9 17:07:03.601 myhost dhcpd[27361]: If you think you have received this message due to a bug rather
Apr 9 17:07:03.601 myhost dhcpd[27361]: than a configuration issue please read the section on submitting
Apr 9 17:07:03.601 myhost dhcpd[27361]: bugs on either our web page at www.isc.org or in the README file
Apr 9 17:07:03.601 myhost dhcpd[27361]: before submitting a bug. These pages explain the proper
Apr 9 17:07:03.601 myhost dhcpd[27361]: process and the information we find helpful for debugging..
Apr 9 17:07:03.601 myhost dhcpd[27361]:
Apr 9 17:07:03.601 myhost dhcpd[27361]: exiting.
Apr 9 17:07:03.603 myhost kernel: audit: type=1400 audit(1554822423.596:221): apparmor="DENIED" operation="capable" profile="/usr/sbin/dhcpd" pid=27361 comm="dhcpd" capability=1 capname="dac_override"
Apr 9 17:07:03.603 myhost kernel: audit: type=1400 audit(1554822423.596:221): apparmor="DENIED" operation="capable" profile="/usr/sbin/dhcpd" pid=27361 comm="dhcpd" capability=1 capname="dac_override"
After disabling apparmor for dhcpd everything works as expected:
ln -s /etc/apparmor.d/usr.sbin.dhcpd /etc/apparmor.d/disable/
apparmor_parser -R /etc/apparmor.d/usr.sbin.dhcpd
** Affects: isc-dhcp (Ubuntu)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1823985
Title:
isc-dhcp-server can't load leases file with apparmor enabled
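Added example, not part of the original report and not isc-dhcp or AppArmor project code: a small triage script that parses AppArmor DENIED audit records and reports which class of profile rule each denial concerns. On the record quoted in the report the denial is for the capability dac_override, which a file path rule in the local profile does not cover. The function names are hypothetical, and the third sample line (its path and audit id) is constructed for contrast.

```python
import re
from collections import Counter

# Constructed input: the first two lines repeat the audit record from the report
# (unwrapped, logged twice there); the third is a constructed file denial added
# for contrast, with a made-up path and audit id.
SAMPLE_LOG = '''\
Apr 9 17:07:03.603 myhost kernel: audit: type=1400 audit(1554822423.596:221): apparmor="DENIED" operation="capable" profile="/usr/sbin/dhcpd" pid=27361 comm="dhcpd" capability=1 capname="dac_override"
Apr 9 17:07:03.603 myhost kernel: audit: type=1400 audit(1554822423.596:221): apparmor="DENIED" operation="capable" profile="/usr/sbin/dhcpd" pid=27361 comm="dhcpd" capability=1 capname="dac_override"
Apr 9 17:07:04.100 myhost kernel: audit: type=1400 audit(1554822424.100:222): apparmor="DENIED" operation="open" profile="/usr/sbin/dhcpd" name="/example/other.leases" pid=27361 comm="dhcpd" requested_mask="w" denied_mask="w" fsuid=0 ouid=0
'''

AUDIT_ID = re.compile(r'audit\((\d+\.\d+:\d+)\)')
KEY_VALUE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

def parse_denials(text):
    """Yield (audit_id, fields) for every AppArmor DENIED record in text."""
    for line in text.splitlines():
        event = AUDIT_ID.search(line)
        if not event or 'apparmor="DENIED"' not in line:
            continue
        fields = {k: quoted or bare for k, quoted, bare in KEY_VALUE.findall(line)}
        yield event.group(1), fields

def classify(fields):
    """Return (kind, target): which class of profile rule the denial concerns."""
    if fields.get("operation") == "capable":
        return "capability", fields.get("capname", "?")
    if "name" in fields:
        return "file", fields["name"]
    return "other", fields.get("operation", "?")

def summarize(text):
    """Count denials per (profile, kind, target), one per audit event id."""
    seen, counts = set(), Counter()
    for audit_id, fields in parse_denials(text):
        key = (fields.get("profile", "?"),) + classify(fields)
        if (audit_id, key) not in seen:
            seen.add((audit_id, key))
            counts[key] += 1
    return counts

if __name__ == "__main__":
    for (profile, kind, target), n in summarize(SAMPLE_LOG).items():
        print(f"{profile}: {kind} denial for {target} (x{n})")
```

Because dac_override lets a process bypass ordinary file permission checks, a capability denial like this is a prompt to check the ownership and mode of the custom leases directory before deciding whether the profile should grant the capability.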