Last nights isc-dhcp-server update fails to start
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
isc-dhcp (Ubuntu) |
Fix Released
|
High
|
Unassigned | ||
Quantal |
Fix Released
|
High
|
Stéphane Graber |
Bug Description
== Rational ==
The recent isc-dhcp SRU to quantal introduced a patch that fixes cases where checksum offloading would cause the checksum to be empty by having dhcpd re-calculate the checksum in those case.
This requires dhcpd to use raw sockets, unfortunately I forgot to allow those in the apparmor profile.
I've had 3 report so far of people who got a broken dhcpd post-upgrade and I suspect the number to be far higher.
The fix simply copies the apparmor profile as we have it in raring which allows the extra socket type.
== Test case ==
1) Install dhcpd on a machine that does checksum offloading (virtual machine with virtio for example) or uses infiniband
2) Check that dhcpd starts
== Regression potential ==
This is a direct copy of the apparmor profile from raring. The dmesg entry below quite clearly matches the socket type, so I don't expect any regression to happen.
--- Original bug report ---
This is Ubuntu 12.10
Start-Date: 2013-04-22 20:48:32
Commandline: apt-get --assume-yes dist-upgrade
Upgrade: isc-dhcp-
End-Date: 2013-04-22 20:49:28
I forced a downgrade to the previous packages isc-dhcp-
isc-dhcp-
Here a few of the log entries from when it was working to when it stopped working:
Apr 22 20:27:57 io dhcpd: DHCPACK to 192.168.2.98 (00:1f:d0:d0:ed:50) via eth1
Apr 22 20:38:00 io dhcpd: DHCPINFORM from 192.168.2.98 via eth1
Apr 22 20:38:00 io dhcpd: DHCPACK to 192.168.2.98 (00:1f:d0:d0:ed:50) via eth1
Apr 22 20:48:02 io dhcpd: DHCPINFORM from 192.168.2.98 via eth1
Apr 22 20:48:02 io dhcpd: DHCPACK to 192.168.2.98 (00:1f:d0:d0:ed:50) via eth1
Apr 22 20:49:21 io dhcpd: Wrote 0 deleted host decls to leases file.
Apr 22 20:49:21 io dhcpd: Wrote 0 new dynamic host decls to leases file.
Apr 22 20:49:21 io dhcpd: Wrote 31 leases to leases file.
Apr 22 20:49:21 io dhcpd: Open a socket for LPF: Permission denied
Apr 22 20:49:21 io kernel: [168459.938698] type=1400 audit(136667816
Apr 22 20:49:21 io dhcpd: Wrote 0 deleted host decls to leases file.
Apr 22 20:49:21 io dhcpd: Wrote 0 new dynamic host decls to leases file.
Apr 22 20:49:21 io dhcpd: Wrote 31 leases to leases file.
Apr 22 20:49:21 io dhcpd: Open a socket for LPF: Permission denied
Apr 22 20:49:21 io kernel: [168460.091513] type=1400 audit(136667816
Apr 22 20:49:21 io dhcpd: Wrote 0 deleted host decls to leases file.
Apr 22 20:49:21 io dhcpd: Wrote 0 new dynamic host decls to leases file.
Apr 22 20:49:21 io dhcpd: Wrote 31 leases to leases file.
Apr 22 20:49:21 io dhcpd: Open a socket for LPF: Permission denied
Apr 22 20:49:21 io kernel: [168460.404076] type=1400 audit(136667816
Apr 22 20:49:21 io dhcpd: Wrote 0 deleted host decls to leases file.
Apr 22 20:49:21 io dhcpd: Wrote 0 new dynamic host decls to leases file.
Apr 22 20:49:21 io dhcpd: Wrote 31 leases to leases file.
Apr 22 20:49:21 io dhcpd: Open a socket for LPF: Permission denied
Apr 22 20:49:21 io kernel: [168460.487047] type=1400 audit(136667816
Apr 22 20:49:21 io dhcpd: Wrote 0 deleted host decls to leases file.
Apr 22 20:49:21 io dhcpd: Wrote 0 new dynamic host decls to leases file.
Apr 22 20:49:21 io dhcpd: Wrote 31 leases to leases file.
Apr 22 20:49:21 io dhcpd: Open a socket for LPF: Permission denied
pr 23 07:14:39 io dhcpd: Wrote 31 leases to leases file.
Apr 23 07:14:40 io dhcpd: Open a socket for LPF: Permission denied
Apr 23 07:14:40 io kernel: [ 49.077715] type=1400 audit(136671568
Apr 23 07:14:40 io dhcpd: Wrote 0 deleted host decls to leases file.
Apr 23 07:14:40 io dhcpd: Wrote 0 new dynamic host decls to leases file.
Apr 23 07:14:40 io dhcpd: Wrote 31 leases to leases file.
Apr 23 07:14:40 io dhcpd: Open a socket for LPF: Permission denied
Apr 23 07:14:40 io kernel: [ 49.248752] type=1400 audit(136671568
Apr 23 07:14:40 io dhcpd: Wrote 0 deleted host decls to leases file.
Apr 23 07:14:40 io dhcpd: Wrote 0 new dynamic host decls to leases file.
Apr 23 07:14:40 io dhcpd: Wrote 31 leases to leases file.
Apr 23 07:14:40 io dhcpd: Open a socket for LPF: Permission denied
Apr 23 07:14:40 io kernel: [ 49.509316] type=1400 audit(136671568
Apr 23 07:14:40 io dhcpd: Wrote 0 deleted host decls to leases file.
Apr 23 07:14:40 io dhcpd: Wrote 0 new dynamic host decls to leases file.
Apr 23 07:14:40 io dhcpd: Wrote 31 leases to leases file.
Apr 23 07:14:41 io dhcpd: Open a socket for LPF: Permission denied
Apr 23 07:14:41 io kernel: [ 49.956465] type=1400 audit(136671568
Apr 23 07:14:41 io dhcpd: Wrote 0 deleted host decls to leases file.
Apr 23 07:14:41 io dhcpd: Wrote 0 new dynamic host decls to leases file.
Apr 23 07:14:41 io dhcpd: Wrote 31 leases to leases file.
Apr 23 07:14:41 io dhcpd: Open a socket for LPF: Permission denied
Apr 23 07:14:41 io kernel: [ 50.147287] type=1400 audit(136671568
Apr 23 07:14:41 io dhcpd: Wrote 0 deleted host decls to leases file.
Apr 23 07:14:41 io dhcpd: Wrote 0 new dynamic host decls to leases file.
Apr 23 07:14:41 io dhcpd: Wrote 31 leases to leases file.
Apr 23 07:14:41 io dhcpd: Open a socket for LPF: Permission denied
Apr 23 07:14:41 io kernel: [ 50.332243] type=1400 audit(136671568
Changed in isc-dhcp (Ubuntu): | |
status: | New → Triaged |
importance: | Undecided → High |
status: | Triaged → Fix Released |
Changed in isc-dhcp (Ubuntu Quantal): | |
status: | New → Triaged |
importance: | Undecided → High |
assignee: | nobody → Stéphane Graber (stgraber) |
description: | updated |
Changed in isc-dhcp (Ubuntu Quantal): | |
status: | Triaged → In Progress |
For anyone affected by this bug and who can't wait for the bugfix to land, you can simply edit /etc/apparmor. d/usr.sbin. dhcpd and apply the following diff, then do "sudo /etc/init. d/apparmor reload".
diff -Nru isc-dhcp- 4.2.4/debian/ apparmor- profile. dhcpd isc-dhcp- 4.2.4/debian/ apparmor- profile. dhcpd 4.2.4/debian/ apparmor- profile. dhcpd 2012-10-16 21:25:47.000000000 +0200 4.2.4/debian/ apparmor- profile. dhcpd 2013-04-23 17:16:49.000000000 +0200
--- isc-dhcp-
+++ isc-dhcp-
@@ -16,6 +16,8 @@
network inet raw, /[0-9]* /net/dev r, /[0-9]* /net/{dev, if_inet6} r,
network packet packet,
+ network packet raw,
+
@{PROC}
@{PROC}