[Bug 1654624] Re: dhcp apparmor profile complains about lxd client

Hadmut Danisch hadmut at danisch.de
Sat Jan 28 12:17:02 UTC 2017 

> Which are the perceivable consequences of this bug?

I currently cannot survey the consequences, since I am not familiar with
the recent semantic changes of apparmor (are there any docs? Any hints
to the users about changes? Any release notes?)

For some time now I am spending and wasting lots of time to hunt bugs in
all sorts of software like firefox, chromium, ejabberd, lxd,... which is
all caused by sudden apparmor trouble.


A side effect of all these bugs is that log files (and desktops through aa-notify) are flooded with hundres, thousands, millions of log messages, which jams a system and makes it impossible to find really important log messages, and, btw., can ruin flash memory in SSDs and SD-Cards within short time. 

Why on earth has one backported this pile of bugs into a LTS version?

This rendered Ubuntu so unreliable, that I have to consider to change to
CentOS or something like this for servers in order to get SELinux
instead.

Is there any way to get 16.04 stable again?

BTW: How should I answer the question about the consequences of the bug,
if I don't see any docs about was has changed with apparmor?


** Changed in: isc-dhcp (Ubuntu)
       Status: Incomplete => Confirmed

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to isc-dhcp in Ubuntu.
https://bugs.launchpad.net/bugs/1654624

Title:
  dhcp apparmor profile complains about lxd client

Status in apparmor package in Ubuntu:
  New
Status in isc-dhcp package in Ubuntu:
  Confirmed

Bug description:
  Hi,

  strange problem recently occured:

  I'm having some ubuntu machines running in LXD (nothing unusual, just
  based on the regular ubuntu LXD images) on a ubuntu host. Worked well
  for some time.

  But now the host generates messages like


  Jan  6 19:17:05 monstrum kernel: [ 1063.263531] audit: type=1400
  audit(1483726625.388:247): apparmor="DENIED" operation="file_perm"
  namespace="root//lxd-rackadmin_<var-lib-lxd>" profile="/sbin/dhclient"
  name="/apparmor/.null" pid=5125 comm="dhclient" requested_mask="w"
  denied_mask="w" fsuid=165536 ouid=0

  
  in /var/log/kern.log. 

  For some reason the apparmor running on the host interferes with the
  containers.

  ProblemType: Bug
  DistroRelease: Ubuntu 16.04
  Package: isc-dhcp-client 4.3.3-5ubuntu12.6
  ProcVersionSignature: Ubuntu 4.4.0-57.78-generic 4.4.35
  Uname: Linux 4.4.0-57-generic x86_64
  ApportVersion: 2.20.1-0ubuntu2.4
  Architecture: amd64
  CurrentDesktop: LXDE
  Date: Fri Jan  6 19:19:12 2017
  SourcePackage: isc-dhcp
  UpgradeStatus: Upgraded to xenial on 2016-04-06 (275 days ago)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1654624/+subscriptions

More information about the foundations-bugs mailing list