Ubuntu
isc-dhcp package

dhcpd failed to start with apparmor denied: capname="dac_override"

Bug #1028526 reported by Jean-Baptiste Lallement
22
This bug affects 4 people
Affects Status Importance Assigned to Milestone
isc-dhcp (Ubuntu)
Fix Released
High
Jamie Strandboge

Bug Description

TEST CASE:
1. Install a fresh ubuntu server
2. Install isc-dhcp-server
3. Reboot

ACTUAL RESULT
dhcpd failed to start with the following message in syslog

Jul 24 12:00:51 ubuntu dhcpd: Can't open /var/lib/dhcp/dhcpd.leases for append.
Jul 24 12:00:51 ubuntu kernel: [ 2.754632] type=1400 audit(1343145651.533:7): apparmor="DENIED" operation="capable" parent=1 profile="/usr/sbin/dhcpd" pid=889 comm="dhcpd" pid=889 comm="dhcpd" capability=1 capname="dac_override"

ProblemType: Bug
DistroRelease: Ubuntu 12.10
Package: isc-dhcp-server (not installed)
ProcVersionSignature: Ubuntu 3.5.0-5.5-generic 3.5.0-rc7
Uname: Linux 3.5.0-5-generic x86_64
ApportVersion: 2.4-0ubuntu5
Architecture: amd64
Date: Tue Jul 24 18:05:29 2012
ProcEnviron:
 TERM=xterm
 PATH=(custom, user)
 LANG=en_US.UTF-8
 SHELL=/bin/bash
SourcePackage: isc-dhcp
UpgradeStatus: Upgraded to quantal on 2012-01-31 (174 days ago)

Related branches

lp:ubuntu/quantal/isc-dhcp
Revision history for this message
Jean-Baptiste Lallement (jibel) wrote :
Revision history for this message
Ubuntu QA Website (ubuntuqa) wrote :

This bug has been reported on the Ubuntu ISO testing tracker.

A list of all reports related to this bug can be found here:
http://iso.qa.ubuntu.com/qatracker/reports/bugs/1028526

tags: added: iso-testing
Revision history for this message
Jamie Strandboge (jdstrand) wrote :

4.2.4-1ubuntu1 dropped the Ubuntu delta for dropping privileges so we could use the upstream code instead. The order of when upstream open the leases file must be different than the previous patch because the lease files need to be owned by root:root, not dhcpd:dhcpd. While add 'capability dac_override' to the profile would fix the issue, it would be better to update the upstart job to adjust the permissions on the lease files so we don't need the expanded permission. I am preparing an upload for this now.

Changed in isc-dhcp (Ubuntu):
assignee: nobody → Jamie Strandboge (jdstrand)
importance: Undecided → High
status: New → In Progress
Revision history for this message
Jamie Strandboge (jdstrand) wrote :

FYI, this was caught by test-dhcp.py in QRT.

tags: added: apparmor
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package isc-dhcp - 4.2.4-1ubuntu4

---------------
isc-dhcp (4.2.4-1ubuntu4) quantal; urgency=low

  * debian/isc-dhcp-server.isc-dhcp-server[6].upstart: chown /var/lib/dhcp
    and the lease files to 'root:root'. This is needed due to the change
    in 4.2.4-1ubuntu1 to use the upstream code for dropping privileges which
    requires the lease files be owned by root. (LP: #1028526)
 -- Jamie Strandboge <email address hidden> Tue, 24 Jul 2012 11:24:36 -0500

Changed in isc-dhcp (Ubuntu):
status: In Progress → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.