[Bug 1049177] Re: isc-dhcp-server apparmor profile should have include ".d"

Launchpad Bug Tracker 1049177 at bugs.launchpad.net
Mon Oct 8 21:25:14 UTC 2012 

This bug was fixed in the package maas - 0.1+bzr1223+dfsg-0ubuntu1

---------------
maas (0.1+bzr1223+dfsg-0ubuntu1) quantal; urgency=low

  * New upstream release. (LP: #1062518)

  [ Julian Edwards ]
  * Split packaging of 'maas' into maas-{region,cluster}-controller
    - debian/control: Update accordingly.
    - debian/*.install: Move files accordingly
    - debian/*.{postinst,postrm,preinst}: Move files accordingly.
  * Ensure isc-dhcp-server is disabled when installing maas-dhcp.
  * Ensure maas-dns creates the maas user before trying to chown files.
  * Make maas-cluster-controller autoconfigure itself when upgrading from the
    old maas package. (LP: #1059416)
  * Add missing prerm file for maas-cluster-controller so that .pyc files
    are cleaned up. (LP: #1059973)

  [ Raphaël Badin ]
  * Install maas_local_celeryconfig.py in /etc/maas and symlink to
    /usr/share/maas.
  * debian/maas.postinst: Create rabbitmq celery user/vhost.
  * debian/maas.postinst: Update BROKER_URL in maas_local_celeryconfig.py.
  * Use maas_local_celeryconfig_cluster.py as the local celery
    configuration file for the cluster worker.
  * debian/maas-region-controller.maas-region-celery.upstart: Add region
    worker upstart script.
  * Rename cluster worker upstart script into
    maas-cluster-controller.maas-clluster-celery.upstart.
  * maas-cluster-controller.maas-celery.upstart: use "celeryconfig_cluster"
    as the Celery config module.
  * debian/maas-common.install: Install celeryconfig_common.py.
  * debian/maas-cluster-controller.install: Install celeryconfig_cluster.py.
  * debian/maas-region-controller.install: Install celeryconfig.py.
  * Split celery config into cluster and region configs.
  * Add region celeryd upstart config.
  * Define CELERY_CONFIG_MODULE in
    maas-cluster-controller.maas-cluster-celery.upstart

  [ Jeroen Vermeulen ]
  * Make maas_local_celery_config.py non-world readable.
  * Make maas_local_celeryconfig_cluster.py non-world readable.
  * Set root:maas ownership of local cluster config only *after*
    the maas user/group have been created

  [ Andres Rodriguez ]
  * debian/maas.postinst:
    - Always restart apache2.
    - Handle upgrades for new upstream release.
    - Handle upgrades for celery rabbitmq worker.
  * Add binary package to install client tool.
    - debian/extras/maas-cli: Add binary.
    - debian/maas-cli.install: Add. Install maascli and apiclient.
    - debian/control: Add binary package.
  * debian/control:
    - Depends on freeipmi-tools instead of ipmitool.
    - Conflicts/Replaces on maas for python-maas-client.
    - Depends on python-netifaces, python-lxml.
  * Add python-maas-client binary package:
    - debian/python-maas-client.install: Add. Install 'apiclient' python module.
    - debian/control: Add package. python-django-maas and maas-cli now
      Depend on it.
  * debian/rules: Install maas-dhcp-server upstart job.
  * debian/maas.postrm: Remove celery worker rabbitmq user and host.
  * debian/extras/99-maas-sudoers: Add for maas-dhcp-server upstart job
    instead of isc-dhcp-server (LP: #1055951)
  * debian/maas-region-controller.postinst: Cleanup upgrade rules.
  * debian/maas-cluster-controller.postinst: Fix 'local' usage.
  * debian/maas-common.install: Install celeryconfig in appropriate location.
  * debian/maas-cluster-controller.postrm: Add and delete maas user.
  * debian/maas-dhcp.postinst: Stop isc-dhcp-server not isc_dhcp_server.
  * debian/maas-region-controller.postinst:
    - Always update passwords on upgrade. No longer check versioning. (LP: #1060094).
    - Add MAAS server to allowed mirror in squid-deb-proxy
    - Source dbconfig conf file for maas-region-controller on upgrade because
      it writes a new config file and no longer preservers the previous password.
  * debian/maas-cluster-controller.maas-cluster-celery.upstart: Remove set{uid/gid}.
  * debian/maas-region-controller.install: Install maas-import-squashfs
  * Handle removal of non existant files (LP: #1059556):
    - debian/maintscript: Added to handle removal of conffiles.
    - debian/control: Add Pre-depends and bump debhelper version.
  * update po files for the templates.
  * debian/extras/99-maas: Install in usr/share/maas/conf and symlink to the
    appropriate etc dir.
  * debian/maas-cluster-controller.config: Source debconf at the beginning of the
    script. (LP: #1063857)
  * debian/patches/99-temporary-fix-constraints.patch: Fix constraints maaping
    when deploying with juju. Temporary until it gets merged upstream

  [ Robie Basak ]
  * Add maas-cluster-controller dependency on uuid-runtime, needed for uuidgen
    by postinst.

  [ Scott Moser ]
  * debian/maas-dhcp.{install,apparmor,postrm} install apparmor profile into
    /etc/apparmor.d/dhcpd.d (LP: #1049177), and update apparmor profile for
    /usr/sbin/dhcpd on install/remove
  * get the ip address for the dhcp server in config

  [ Diogo Matsubara ]
  * Add initial tests to be run by autotests:
    - debian/control: XS-Testsuite: autopkgtest
    - debian/tests/control: Add
    - debian/tests/maas-package-test: Add
    - tests/maas-integration.py: Add
 -- Andres Rodriguez <andreserl at ubuntu.com>   Mon, 08 Oct 2012 13:10:23 -0400

** Changed in: maas (Ubuntu Quantal)
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to isc-dhcp in Ubuntu.
https://bugs.launchpad.net/bugs/1049177

Title:
  isc-dhcp-server apparmor profile should have include ".d"

Status in “isc-dhcp” package in Ubuntu:
  Fix Released
Status in “maas” package in Ubuntu:
  Fix Released
Status in “isc-dhcp” source package in Precise:
  In Progress
Status in “maas” source package in Precise:
  New
Status in “isc-dhcp” source package in Quantal:
  Fix Released
Status in “maas” source package in Quantal:
  Fix Released

Bug description:
  /etc/apparmor.d/usr.sbin.dhcpd currently has:
    # Eucalyptus
    /{,var/}run/eucalyptus/net/ r,
    /{,var/}run/eucalyptus/net/** r,
    /{,var/}run/eucalyptus/net/*.pid lrw,
    /{,var/}run/eucalyptus/net/*.leases* lrw,
    /{,var/}run/eucalyptus/net/*.trace lrw,

  and
      #include <local/usr.sbin.dhcpd>

  [rationale]
  The MAAS project is looking to use isc-dhcp-server almost exactly like eucalyptus did, and as a result would need some changes to this profile.  In speaking with jdstrand [1], he suggested that "#include <isc-dhcpd.d>" was the preferred way to enable this.

  [test case]
  Just make sure the apparmor profile gets updated and doesn't fail to load. Proper testing will have to be done once the mass change lands.

  [regression potential]
  Was tested on quantal and it's already widely used apparmor syntax, so the worst I can think of is that the line just won't work and won't include the profile once it lands in maas.

  --
  [1] http://irclogs.ubuntu.com/2012/09/11/%23ubuntu-server.html#t14:36

  ProblemType: Bug
  DistroRelease: Ubuntu 12.10
  Package: isc-dhcp-server 4.2.4-1ubuntu7
  ProcVersionSignature: User Name 3.5.0-13.14-generic 3.5.3
  Uname: Linux 3.5.0-13-generic x86_64
  ApportVersion: 2.5.1-0ubuntu7
  Architecture: amd64
  Date: Tue Sep 11 15:01:45 2012
  DhServerLeases:

  Ec2AMI: ami-00000148
  Ec2AMIManifest: FIXME
  Ec2AvailabilityZone: nova
  Ec2InstanceType: m1.small
  Ec2Kernel: unavailable
  Ec2Ramdisk: unavailable
  KernLog:

  ProcEnviron:
   TERM=screen
   PATH=(custom, no user)
   LANG=en_US.UTF-8
   SHELL=/bin/bash
  SourcePackage: isc-dhcp
  UpgradeStatus: No upgrade log present (probably fresh install)
  mtime.conffile..etc.dhcp.dhcpd.conf: 2012-09-07T14:46:55.587373

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/isc-dhcp/+bug/1049177/+subscriptions

More information about the foundations-bugs mailing list