Public bug reported:
Dear Sir or Madam,
during installation of kea-2.4 (kea-dhcp4, kea-dhcp6 and kea-ctrl-agent)
some profiles for apparmor are installed/created as well.
Unfortunately these profiles prevent kea services to start when for example
MySQL as backend is configured.
Config snippet from kea-dhcp4.conf:
"hosts-database": {
"type": "mysql",
"name": "kea",
"user": "kea",
"password": "password",
"host": "",
"port": 3306
},
Error message from kea-dhcp4-server:
ERROR [kea-dhcp4.dhcp4.125444634970560] DHCP4_CONFIG_LOAD_FAIL configuration
error using file: /etc/kea/kea-dhcp4.conf, reason: Unable to open database:
Can't connect to local MySQL server through socket
'/var/run/mysqld/mysqld.sock' (13)
ERROR [kea-dhcp4.dhcp4.125444634970560] DHCP4_INIT_FAIL failed to initialize
Kea server: configuration error using file '/etc/kea/kea-dhcp4.conf': Unable to
open database: Can't connect to local MySQL server through socket
'/var/run/mysqld/mysqld.sock' (13)
Message from dmesg:
[ 685.201719] audit: type=1400 audit(1714811351.219:113): apparmor="DENIED"
operation="connect" class="file" info="Failed name lookup - disconnected path"
error=-13 profile="kea-dhcp4" name="run/mysqld/mysqld.sock" pid=2887
comm="kea-dhcp4" requested_mask="wr" denied_mask="wr" fsuid=111 ouid=110
As you can see, kea can't connect to mysql through the socket, since
apparmor is preventing it.
There is a similar issue with using the kea-ctrl-agent with the other
services.
In your installed apparmor profiles you specifically allow the socket
/run/kea/kea4-ctrl-socket
profile snippet:
# Control sockets
# Before LP: #1863100, these were in /tmp. For compatibility, let's keep both
# locations
owner /{tmp,run/kea}/kea4-ctrl-socket w,
owner /{tmp,run/kea}/kea4-ctrl-socket.lock rwk,
Naming it anything else prevents the server to start as well.
It's really time-consuming and nerve racking to debug this, since the
issue with apparmor is not directly apparently.
ProblemType: Bug
DistroRelease: Ubuntu 24.04
Package: kea-dhcp4-server 2.4.1-3build3
ProcVersionSignature: Ubuntu 6.8.0-31.31-generic 6.8.1
Uname: Linux 6.8.0-31-generic x86_64
ApportVersion: 2.28.1-0ubuntu2
Architecture: amd64
CasperMD5CheckResult: unknown
Date: Sat May 4 10:33:20 2024
ProcEnviron:
LANG=en_US.UTF-8
PATH=(custom, no user)
SHELL=/bin/bash
TERM=xterm-256color
XDG_RUNTIME_DIR=<set>
SourcePackage: isc-kea
UpgradeStatus: No upgrade log present (probably fresh install)
modified.conffile..etc.kea.kea-dhcp4.conf: [modified]
mtime.conffile..etc.kea.kea-dhcp4.conf: 2024-05-04T10:28:43.848349
** Affects: isc-kea (Ubuntu)
Importance: Undecided
Status: New
** Tags: amd64 apport-bug noble
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2064791
Title:
apparmor prevents kea launch
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/isc-kea/+bug/2064791/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
