[Bug 1905800] [NEW] Apparmor denies pid file creation for dhclient when started by network-manager

Glenn Washburn 1905800 at bugs.launchpad.net
Fri Nov 27 01:17:22 UTC 2020 

Public bug reported:

I'm using package isc-dhcp-client version 4.4.1-2.1ubuntu5

I'm getting these messages in syslog:

  dhclient[3308281]: Can't create /run/NetworkManager/dhclient-wlp23s1.pid: Permission denied
  audit: type=1400 audit(1606420037.168:811): apparmor="DENIED" operation="mknod" profile="/{,usr/}sbin/dhclient" name="/run/NetworkManager/dhclient-wlp23s1.pid" pid=3308281 comm="dhclient" requested_mask="c" denied_mask="c" fsuid=0 ouid=0

  dhclient[3308357]: Can't create /run/NetworkManager/dhclient6-wlp23s1.pid: Permission denied
  audit: type=1400 audit(1606420039.268:816): apparmor="DENIED" operation="mknod" profile="/{,usr/}sbin/dhclient" name="/run/NetworkManager/dhclient6-wlp23s1.pid" pid=3308357 comm="dhclient" requested_mask="c" denied_mask="c" fsuid=0 ouid=0

Adding "/run/NetworkManager/dhclient{,6}-*.pid lrw," to the apparmor
profile in /etc/apparmor.d/sbin.dhclient fixes the issue.

** Affects: isc-dhcp (Ubuntu)
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to isc-dhcp in Ubuntu.
https://bugs.launchpad.net/bugs/1905800

Title:
  Apparmor denies pid file creation for dhclient when started by
  network-manager

Status in isc-dhcp package in Ubuntu:
  New

Bug description:
  I'm using package isc-dhcp-client version 4.4.1-2.1ubuntu5

  I'm getting these messages in syslog:

    dhclient[3308281]: Can't create /run/NetworkManager/dhclient-wlp23s1.pid: Permission denied
    audit: type=1400 audit(1606420037.168:811): apparmor="DENIED" operation="mknod" profile="/{,usr/}sbin/dhclient" name="/run/NetworkManager/dhclient-wlp23s1.pid" pid=3308281 comm="dhclient" requested_mask="c" denied_mask="c" fsuid=0 ouid=0

    dhclient[3308357]: Can't create /run/NetworkManager/dhclient6-wlp23s1.pid: Permission denied
    audit: type=1400 audit(1606420039.268:816): apparmor="DENIED" operation="mknod" profile="/{,usr/}sbin/dhclient" name="/run/NetworkManager/dhclient6-wlp23s1.pid" pid=3308357 comm="dhclient" requested_mask="c" denied_mask="c" fsuid=0 ouid=0

  Adding "/run/NetworkManager/dhclient{,6}-*.pid lrw," to the apparmor
  profile in /etc/apparmor.d/sbin.dhclient fixes the issue.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/isc-dhcp/+bug/1905800/+subscriptions

More information about the foundations-bugs mailing list