[Bug 1823985] Re: isc-dhcp-server can't load leases file with apparmor enabled
Launchpad Bug Tracker
1823985 at bugs.launchpad.net
Mon Dec 12 04:17:14 UTC 2022
[Expired for isc-dhcp (Ubuntu) because there has been no activity for 60
days.]
** Changed in: isc-dhcp (Ubuntu)
Status: Incomplete => Expired
https://bugs.launchpad.net/bugs/1823985
Title:
isc-dhcp-server can't load leases file with apparmor enabled
Status in isc-dhcp package in Ubuntu:
Expired
Bug description:
I can't start isc-dhcp-server with apparmor enabled.

I set a custom leases file in the dhcpd.conf:

  lease-file-name "/test/var/lib/dhcp/dhcpd.leases";

and created a custom apparmor profile for that in /etc/apparmor.d/local/usr.sbin.dhcpd:

  /test/var/lib/dhcp/dhcpd{,6}.leases* lrw,

But when I try to start I see the following errors from dhcpd:

  Internet Systems Consortium DHCP Server 4.3.5
  Copyright 2004-2016 Internet Systems Consortium.
  All rights reserved.
  For info, please visit https://www.isc.org/software/dhcp/
  Config file: /etc/dhcp/dhcpd.conf
  Database file: /test/var/lib/dhcp/dhcpd.leases
  PID file: /run/dhcp-server/dhcpd.pid
  Can't open /test/var/lib/dhcp/dhcpd.leases for append.
  If you think you have received this message due to a bug rather
  than a configuration issue please read the section on submitting
  bugs on either our web page at www.isc.org or in the README file
  before submitting a bug. These pages explain the proper
  process and the information we find helpful for debugging..
  exiting.

And in the messages log I can see errors like this:

  Apr 9 17:07:03.601 myhost dhcpd[27361]: Can't open /test/var/lib/dhcp/dhcpd.leases for append.
  Apr 9 17:07:03.601 myhost dhcpd[27361]:
  Apr 9 17:07:03.601 myhost dhcpd[27361]: If you think you have received this message due to a bug rather
  Apr 9 17:07:03.601 myhost dhcpd[27361]: than a configuration issue please read the section on submitting
  Apr 9 17:07:03.601 myhost dhcpd[27361]: bugs on either our web page at www.isc.org or in the README file
  Apr 9 17:07:03.601 myhost dhcpd[27361]: before submitting a bug. These pages explain the proper
  Apr 9 17:07:03.601 myhost dhcpd[27361]: process and the information we find helpful for debugging..
  Apr 9 17:07:03.601 myhost dhcpd[27361]:
  Apr 9 17:07:03.601 myhost dhcpd[27361]: exiting.
  Apr 9 17:07:03.603 myhost kernel: audit: type=1400 audit(1554822423.596:221): apparmor="DENIED" operation="capable" profile="/usr/sbin/dhcpd" pid=27361 comm="dhcpd" capability=1 capname="dac_override"
  Apr 9 17:07:03.603 myhost kernel: audit: type=1400 audit(1554822423.596:221): apparmor="DENIED" operation="capable" profile="/usr/sbin/dhcpd" pid=27361 comm="dhcpd" capability=1 capname="dac_override"

After disabling apparmor for dhcpd everything works as expected:

  ln -s /etc/apparmor.d/usr.sbin.dhcpd /etc/apparmor.d/disable/
  apparmor_parser -R /etc/apparmor.d/usr.sbin.dhcpd
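
Added example, not part of the bug report or of the isc-dhcp packaging: a small Python triage of the kernel audit lines quoted in the report, showing that the logged denial is a capability check (dac_override) and not a path-rule denial. It goes slightly beyond the report by also classifying a file denial; that second log line, and the names parse_denials and triage, are constructed for illustration.

```python
import re

KV = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')      # key="quoted" or key=bare
AUDIT_ID = re.compile(r'audit\((\d+\.\d+:\d+)\)')  # epoch.millis:serial

# The two kernel lines from the report (the same audit record logged twice).
PAGE_LINES = [
    'Apr 9 17:07:03.603 myhost kernel: audit: type=1400 audit(1554822423.596:221): '
    'apparmor="DENIED" operation="capable" profile="/usr/sbin/dhcpd" pid=27361 '
    'comm="dhcpd" capability=1 capname="dac_override"',
] * 2

# Constructed for contrast: what a missing path rule would have logged instead.
CONSTRUCTED_FILE_DENIAL = (
    'kernel: audit: type=1400 audit(1554822423.700:222): apparmor="DENIED" '
    'operation="open" profile="/usr/sbin/dhcpd" '
    'name="/test/var/lib/dhcp/dhcpd.leases" pid=27361 comm="dhcpd" '
    'requested_mask="ac" denied_mask="ac" fsuid=0 ouid=0'
)

def parse_denials(lines):
    """Return one dict per unique AppArmor DENIED record."""
    seen, out = set(), []
    for line in lines:
        m = AUDIT_ID.search(line)
        if 'apparmor="DENIED"' not in line or not m:
            continue
        rec = {k: quoted or bare for k, quoted, bare in KV.findall(line)}
        key = (m.group(1), rec.get("operation"), rec.get("capname") or rec.get("name"))
        if key not in seen:          # drop repeats of the same audit record
            seen.add(key)
            out.append(rec)
    return out

def triage(rec):
    """Classify a denial as (kind, target, what to check)."""
    if rec.get("operation") == "capable":
        cap = rec.get("capname", "?")
        if cap in ("dac_override", "dac_read_search"):
            hint = "Unix owner/mode on the path refuses this uid; check that before the path rule"
        else:
            hint = "process used a capability the profile does not grant"
        return ("capability", cap, hint)
    return ("file", rec.get("name"), "path rule lacks mask " + rec.get("denied_mask", "?"))

if __name__ == "__main__":
    for rec in parse_denials(PAGE_LINES + [CONSTRUCTED_FILE_DENIAL]):
        print(rec["profile"], *triage(rec), sep=" | ")
```
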