[Bug 1028526] Re: dhcpd failed to start with apparmor denied: capname="dac_override"

Jamie Strandboge jamie at ubuntu.com
Tue Jul 24 16:20:27 UTC 2012 

4.2.4-1ubuntu1 dropped the Ubuntu delta for dropping privileges so we
could use the upstream code instead. The order of when upstream open the
leases file must be different than the previous patch because the lease
files need to be owned by root:root, not dhcpd:dhcpd. While add
'capability dac_override' to the profile would fix the issue, it would
be better to update the upstart job to adjust the permissions on the
lease files so we don't need the expanded permission. I am preparing an
upload for this now.

** Changed in: isc-dhcp (Ubuntu)
   Importance: Undecided => High

** Changed in: isc-dhcp (Ubuntu)
       Status: New => In Progress

** Changed in: isc-dhcp (Ubuntu)
     Assignee: (unassigned) => Jamie Strandboge (jdstrand)

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to isc-dhcp in Ubuntu.
https://bugs.launchpad.net/bugs/1028526

Title:
  dhcpd failed to start with apparmor denied: capname="dac_override"

Status in “isc-dhcp” package in Ubuntu:
  In Progress

Bug description:
  TEST CASE:
  1. Install a fresh ubuntu server
  2. Install isc-dhcp-server
  3. Reboot

  ACTUAL RESULT
  dhcpd failed to start with the following message in syslog

  Jul 24 12:00:51 ubuntu dhcpd: Can't open /var/lib/dhcp/dhcpd.leases for append.
  Jul 24 12:00:51 ubuntu kernel: [    2.754632] type=1400 audit(1343145651.533:7): apparmor="DENIED" operation="capable" parent=1 profile="/usr/sbin/dhcpd" pid=889 comm="dhcpd" pid=889 comm="dhcpd" capability=1  capname="dac_override"

  ProblemType: Bug
  DistroRelease: Ubuntu 12.10
  Package: isc-dhcp-server (not installed)
  ProcVersionSignature: Ubuntu 3.5.0-5.5-generic 3.5.0-rc7
  Uname: Linux 3.5.0-5-generic x86_64
  ApportVersion: 2.4-0ubuntu5
  Architecture: amd64
  Date: Tue Jul 24 18:05:29 2012
  ProcEnviron:
   TERM=xterm
   PATH=(custom, user)
   LANG=en_US.UTF-8
   SHELL=/bin/bash
  SourcePackage: isc-dhcp
  UpgradeStatus: Upgraded to quantal on 2012-01-31 (174 days ago)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/isc-dhcp/+bug/1028526/+subscriptions

More information about the foundations-bugs mailing list