@norm-audrey, as I read it, the proposed fix does not contain a '''
character. It is the single line

  @{PROC}/sys/net/ipv4/ip_local_port_range r,


Do you perhaps also copy the following line?

  'lsb_release -rd':

That would indeed result in the reported error. I am not sure how the
profile in comment #4 would fix the originally reported deny message
except by causing dhcpd to not use the code path resulting in the
denial.


As for the difference between the two profiles: they don't have a completely
different form. Both have evolved from a similar base, so they have much in
common but do have some differences. The profile from
https://github.com/Harvie/AppArmor-Profiles/blob/master/usr.sbin.dhcpd is an
older version of the one carried by the upstream project
https://gitlab.com/apparmor/apparmor/-/blob/master/profiles/apparmor/profiles/extras/usr.sbin.dhcpd.

Beyond whitespace differences I see

different conf file locations

  /etc/dhcpd.conf       r,
  /etc/named.d/*        r,

vs.

  /etc/dhcp/dhcpd.conf r,
  /etc/dhcp/dhcpd6.conf r,
  /etc/bind/* r,


broader lease location in the old upstream version

  /var/lib/dhcp/{db/,}dhcpd.leases*     rwl,

vs.

  /var/lib/dhcp/dhcpd6.leases* rwl,


support for ipv6 leases in your version

  /var/lib/dhcp/{db/,}dhcpd.leases*     rwl,

vs.

  /var/lib/dhcp/dhcpd.leases* rwl,
  /var/lib/dhcp/dhcpd6.leases* rwl,

note: current upstream has broader leases and ipv6

  /var/lib/dhcp/{db/,}dhcpd{6,}.leases* rwl,


different pid file location

  /{,var/}run/dhcpd.pid wl

vs.

  /{,var/}run/dhcp-server/dhcpd.pid wl,


Some of this could come down to system configuration of dhcpd.

-- 
https://bugs.launchpad.net/bugs/1901373

Title:
  isc-dhcp-server AppArmor Denied on
  /proc/sys/net/ipv4/ip_local_port_range
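
The rule-by-rule comparison in the message above can be reproduced mechanically. This is an added example, not part of the original message or of either profile's project: it expands AppArmor `{a,b}` alternations and diffs the quoted rule lines regardless of whitespace. The names FIRST, SECOND, expand, rules and diff are made up for this illustration.

```python
import re

# Constructed samples: the rule lines quoted in the message above, grouped by
# which side of each "vs." they appear on. The missing trailing comma on the
# first pid rule is kept as quoted; this parser tolerates it.
FIRST = """
  /etc/dhcpd.conf       r,
  /etc/named.d/*        r,
  /var/lib/dhcp/{db/,}dhcpd.leases*     rwl,
  /{,var/}run/dhcpd.pid wl
"""
SECOND = """
  /etc/dhcp/dhcpd.conf r,
  /etc/dhcp/dhcpd6.conf r,
  /etc/bind/* r,
  /var/lib/dhcp/dhcpd.leases* rwl,
  /var/lib/dhcp/dhcpd6.leases* rwl,
  /{,var/}run/dhcp-server/dhcpd.pid wl,
"""

def expand(path):
    """Expand {a,b} alternations into literal paths; @{VAR} is left alone."""
    m = re.search(r"(?<!@)\{([^{}]*)\}", path)
    if not m:
        return {path}
    return set().union(*(expand(path[:m.start()] + alt + path[m.end():])
                         for alt in m.group(1).split(",")))

def rules(text):
    """Map each expanded path to its set of permission letters."""
    out = {}
    for line in text.splitlines():
        line = line.strip().rstrip(",")
        if line.startswith(("/", "@{")):
            path, perms = line.rsplit(None, 1)
            for p in expand(path):
                out.setdefault(p, set()).update(perms)
    return out

def diff(a, b):
    """Return (paths only in a, paths only in b, shared paths with other perms).
    Globs are compared as strings, not by what they match."""
    ra, rb = rules(a), rules(b)
    return (sorted(ra.keys() - rb.keys()), sorted(rb.keys() - ra.keys()),
            sorted(p for p in ra.keys() & rb.keys() if ra[p] != rb[p]))

if __name__ == "__main__":
    for label, paths in zip(("only first", "only second", "perms differ"), diff(FIRST, SECOND)):
        print(label, *paths, sep="\n  ")
```

Expanding the current upstream rule `/var/lib/dhcp/{db/,}dhcpd{6,}.leases*` with `expand` yields four paths that cover the lease rules of both sides.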
