Public bug reported: From the Debian Bug report logs - #1055067 isc-dhcp-client: network-manager 1.44.2-3 changed path to nm-dhcp-helper, apparmor need update
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1055067 The problem causes the DHCP fail to receive the IP with this error in the dmesg command: [ 1037.911083] audit: type=1400 audit(1727430402.572:1355): apparmor="DENIED" operation="exec" class="file" profile="/{,usr/}sbin/dhclient" name="/usr/libexec/nm-dhcp-helper" pid=6763 comm="dhclient" requested_mask="x" denied_mask="x" fsuid=0 ouid=0 The /etc/apparmor.d/sbin.dhclient file needs to be updated to include the /usr/libexec/nm-dhcp-helper (instead of /usr/lib/NetworkManager/nm- dhcp-helper). Just in case, to solve it, I duplicated the definitions for the NetworkManager/nm-dhcp-helper. FILE: /etc/apparmor.d/sbin.dhclient .... # Support the new executable helper from NetworkManager. /usr/lib/NetworkManager/nm-dhcp-helper Pxrm, signal (receive) peer=/usr/lib/NetworkManager/nm-dhcp-helper, /usr/libexec/nm-dhcp-helper Pxrm, signal (receive) peer=/usr/libexec/nm-dhcp-helper, .... /usr/lib/NetworkManager/nm-dhcp-helper { #include <abstractions/base> #include <abstractions/dbus> /usr/lib/NetworkManager/nm-dhcp-helper mr, /run/NetworkManager/private-dhcp rw, signal (send) peer=/sbin/dhclient, /var/lib/NetworkManager/*lease r, signal (receive) peer=/usr/sbin/NetworkManager, ptrace (readby) peer=/usr/sbin/NetworkManager, network inet dgram, network inet6 dgram, } /usr/libexec/nm-dhcp-helper { #include <abstractions/base> #include <abstractions/dbus> /usr/libexec/nm-dhcp-helper mr, /run/NetworkManager/private-dhcp rw, signal (send) peer=/sbin/dhclient, /var/lib/NetworkManager/*lease r, signal (receive) peer=/usr/sbin/NetworkManager, ptrace (readby) peer=/usr/sbin/NetworkManager, network inet dgram, network inet6 dgram, } .... ** Affects: isc-dhcp (Ubuntu) Importance: Undecided Status: New ** Tags: patch-forwarded-debian ** Summary changed: - sc-dhcp-client: network-manager changed path to nm-dhcp-helper, apparmor need update + network-manager changed path to nm-dhcp-helper, apparmor need update ** Description changed: - From the Debian Bug report logs - #1055067 isc-dhcp-client: network-manager 1.44.2-3 changed path to nm-dhcp-helper, apparmor need update https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1055067 The problem causes the DHCP fail to receive the IP with this error in the dmesg command: [ 1037.911083] audit: type=1400 audit(1727430402.572:1355): apparmor="DENIED" operation="exec" class="file" profile="/{,usr/}sbin/dhclient" name="/usr/libexec/nm-dhcp-helper" pid=6763 comm="dhclient" requested_mask="x" denied_mask="x" fsuid=0 ouid=0 The /etc/apparmor.d/sbin.dhclient file needs to be updated to include the /usr/libexec/nm-dhcp-helper (instead of /usr/lib/NetworkManager/nm- dhcp-helper). Just in case, to solve it, I duplicated the definitions for the NetworkManager/nm-dhcp-helper. - FILE: /etc/apparmor.d/sbin.dhclient .... - # Support the new executable helper from NetworkManager. - /usr/lib/NetworkManager/nm-dhcp-helper Pxrm, - signal (receive) peer=/usr/lib/NetworkManager/nm-dhcp-helper, - /usr/libexec/nm-dhcp-helper Pxrm, - signal (receive) peer=/usr/libexec/nm-dhcp-helper, + # Support the new executable helper from NetworkManager. + /usr/lib/NetworkManager/nm-dhcp-helper Pxrm, + signal (receive) peer=/usr/lib/NetworkManager/nm-dhcp-helper, + /usr/libexec/nm-dhcp-helper Pxrm, + signal (receive) peer=/usr/libexec/nm-dhcp-helper, .... + /usr/lib/NetworkManager/nm-dhcp-helper { + #include <abstractions/base> + #include <abstractions/dbus> + /usr/lib/NetworkManager/nm-dhcp-helper mr, + + /run/NetworkManager/private-dhcp rw, + signal (send) peer=/sbin/dhclient, + + /var/lib/NetworkManager/*lease r, + signal (receive) peer=/usr/sbin/NetworkManager, + ptrace (readby) peer=/usr/sbin/NetworkManager, + network inet dgram, + network inet6 dgram, + } + /usr/libexec/nm-dhcp-helper { #include <abstractions/base> #include <abstractions/dbus> /usr/libexec/nm-dhcp-helper mr, /run/NetworkManager/private-dhcp rw, signal (send) peer=/sbin/dhclient, /var/lib/NetworkManager/*lease r, signal (receive) peer=/usr/sbin/NetworkManager, ptrace (readby) peer=/usr/sbin/NetworkManager, network inet dgram, network inet6 dgram, } .... -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2083017 Title: network-manager changed path to nm-dhcp-helper, apparmor need update To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/isc-dhcp/+bug/2083017/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
