[Bug 2143200] [NEW] isc-dhcp-server: isc-dhcp-server6 service fails to access /run/dhcp-server6/dhcpd*.pid due to wrong AppArmor permissions

Wed, 04 Mar 2026 01:50:46 -0800 

Public bug reported:

/etc/apparmor.d/usr.sbin.dhcpd contains:
/{,var/}run/{,dhcp-server/}dhcpd{,6}.pid rw,
=> That is, it allows access to /var/run/dhcp-server/ (but not to 
/var/run/dhcp-server6/).

/usr/lib/systemd/system/isc-dhcp-server6.service runs:
exec dhcpd -user dhcpd -group dhcpd -f -6 -pf /run/dhcp-server6/dhcpd6.pid -cf 
$CONFIG_FILE $INTERFACESv6'
=> The PID file is to be written to /var/run/dhcp-server6/.

Result (from sudo journalctl -u isc-dhcp-server6):
Can't create PID file /run/dhcp-server6/dhcpd6.pid: Permission denied.
=> Of course, the location is not allowed by AppArmor.

Fix (using /run/dhcp-server/ instead of /run/dhcp-server6, as allowed by 
/etc/apparmor.d/usr.sbin.dhcpd):
exec dhcpd -user dhcpd -group dhcpd -f -6 -pf /run/dhcp-server/dhcpd6.pid -cf 
$CONFIG_FILE $INTERFACESv6'

An alternative fix would be to update /etc/apparmor.d/usr.sbin.dhcpd instead 
(not tested!):
/{,var/}run/{,dhcp-server{,6}/}dhcpd{,6}.pid rw,

ProblemType: Bug
DistroRelease: Ubuntu 24.04
Package: isc-dhcp-server 4.4.3-P1-4ubuntu2 [modified: 
usr/lib/systemd/system/isc-dhcp-server6.service]
ProcVersionSignature: Ubuntu 6.17.0-14.14~24.04.1-generic 6.17.9
Uname: Linux 6.17.0-14-generic x86_64
ApportVersion: 2.28.1-0ubuntu3.8
Architecture: amd64
CasperMD5CheckResult: pass
CloudArchitecture: x86_64
CloudID: none
CloudName: none
CloudPlatform: none
CloudSubPlatform: config
Date: Wed Mar  4 10:34:07 2026
InstallationDate: Installed on 2023-06-28 (980 days ago)
InstallationMedia: Ubuntu-Server 22.04.2 LTS "Jammy Jellyfish" - Release amd64 
(20230217.1)
SourcePackage: isc-dhcp
UpgradeStatus: Upgraded to noble on 2025-04-28 (310 days ago)
modified.conffile..etc.dhcp.dhcpd.conf: [modified]
modified.conffile..etc.dhcp.dhcpd6.conf: [modified]
mtime.conffile..etc.dhcp.dhcpd.conf: 2026-03-04T10:21:06.042530
mtime.conffile..etc.dhcp.dhcpd6.conf: 2026-03-04T10:21:06.052491

** Affects: isc-dhcp (Ubuntu)
     Importance: Undecided
         Status: New


** Tags: amd64 apport-bug noble

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2143200

Title:
  isc-dhcp-server: isc-dhcp-server6 service fails to access /run/dhcp-
  server6/dhcpd*.pid due to wrong AppArmor permissions

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/isc-dhcp/+bug/2143200/+subscriptions


-- 
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

Reply via email to