apparmor denial for /var/lib/NetworkManager/dhclient6-eth0.conf

Bug #1180516 reported by Freeman
28
This bug affects 5 people
Affects Status Importance Assigned to Milestone
isc-dhcp (Ubuntu)
Fix Released
Undecided
Jamie Strandboge
Raring
Won't Fix
Undecided
Unassigned
Saucy
Fix Released
Undecided
Jamie Strandboge

Bug Description

When I boot my freshly installed Ubuntu 13.04 it takes a very long time and usually stalls on the message:

May 11 15:35:16 viper-desktop kernel: [ 20.465219] type=1400 audit(1368279316.282:32): apparmor="DENIED" operation="open" parent=946 profile="/sbin/dhclient" name="/var/lib/NetworkManager/dhclient6-eth0.conf" pid=1530 comm="dhclient" requested_mask="r" denied_mask="r" fsuid=0 ouid=0

This happens nearly every time. When I run 'viper@viper-desktop:~$ grep DENIED /var/log/kern.log' I see almost an entry for every boot I do. After a few minutes the boot continues and I get finally to the desktop. Shutting down the system is also a bit tricky as it doesn't powerof completely and the button needs to be pressed. I tried to use 'ACPI=off' in GRUB, or tried this: http://askubuntu.com/questions/287792/not-been-able-to-shut-down-13-04 but no success. I guess this is for another bug report or online search again. So I don't expect anyone's feedback on this last item.

viper@viper-desktop:~$ lsb_release -rd
Description: Ubuntu 13.04
Release: 13.04

viper@viper-desktop:~$ apt-cache policy apparmor
apparmor:
  Installed: 2.8.0-0ubuntu11
  Candidate: 2.8.0-0ubuntu11
  Version table:
 *** 2.8.0-0ubuntu11 0
        500 http://be.archive.ubuntu.com/ubuntu/ raring/main amd64 Packages
        100 /var/lib/dpkg/status

Related branches

Revision history for this message
Freeman (brechtgijbels-gmail) wrote :
Revision history for this message
Freeman (brechtgijbels-gmail) wrote :

dpkg -l|grep apparmor

Revision history for this message
Freeman (brechtgijbels-gmail) wrote :

grep DENIED /var/log/kern.log

Revision history for this message
Freeman (brechtgijbels-gmail) wrote :

cat /proc/version_signature

Revision history for this message
Jamie Strandboge (jdstrand) wrote :

Thanks for using Ubuntu and reporting a bug. While I can't confirm this, I can see the problem. /etc/apparmor.d/sbin.dhclient has the following rules:
  # NetworkManager
  ...
  /var/lib/NetworkManager/dhclient-*.conf lrw,
  /var/lib/NetworkManager/dhclient*.lease* lrw,

Note the first should be in your environment:
  /var/lib/NetworkManager/dhclient*.conf lrw,

Can you describe your setup? Is it IPv6 only? Dual-stack?

affects: apparmor (Ubuntu) → isc-dhcp (Ubuntu)
Changed in isc-dhcp (Ubuntu):
status: New → Triaged
Changed in isc-dhcp (Ubuntu):
status: Triaged → In Progress
assignee: nobody → Jamie Strandboge (jdstrand)
summary: - Ubuntu boot slow
+ apparmor denial for /var/lib/NetworkManager/dhclient6-eth0.conf
Changed in isc-dhcp (Ubuntu Raring):
status: New → Triaged
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package isc-dhcp - 4.2.4-6ubuntu2

---------------
isc-dhcp (4.2.4-6ubuntu2) saucy-proposed; urgency=low

  * debian/apparmor-profile.dhclient: use dhclient*.conf instead of
    dhclient-*.conf for NetworkManager to work with certain IPv6
    configurations (LP: #1180516)
 -- Jamie Strandboge <email address hidden> Wed, 15 May 2013 15:04:21 -0500

Changed in isc-dhcp (Ubuntu Saucy):
status: In Progress → Fix Released
Revision history for this message
Freeman (brechtgijbels-gmail) wrote :

Thank you for the feedback. Is there a possibility that I can install the package 'isc-dhcp - 4.2.4-6ubuntu2' to test if this really resolves my issue? Thank you very much for pointing me to the right location where I can find it, and I'll report back asap.

Revision history for this message
Jamie Strandboge (jdstrand) wrote :

Freeman, you can edit /etc/apparmor.d/sbin.dhclient and change this line:
  /var/lib/NetworkManager/dhclient-*.conf lrw,

to be:
  /var/lib/NetworkManager/dhclient*.conf lrw,

Then run:
$ sudo apparmor_parser -r /etc/apparmor.d/sbin.dhclient

Reboot and see if it works.

Revision history for this message
Felix Geyer (debfx) wrote :

I can confirm that changing that line fixes the problem on raring.

Revision history for this message
Rolf Leggewie (r0lf) wrote :

raring has seen the end of its life and is no longer receiving any updates. Marking the raring task for this ticket as "Won't Fix".

Changed in isc-dhcp (Ubuntu Raring):
status: Triaged → Won't Fix
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Duplicates of this bug

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.