dhcpd attempts to use /var/run/dhcpd.pid, AppArmor errors

Bug #974054 reported by Ryan Finnie
This bug report is a duplicate of: Bug #985417: dhcpd cannot write /var/run/dhcpd.pid.
This bug affects 8 people
Affects | Status | Importance | Assigned to | Milestone
isc-dhcp (Ubuntu) | Fix Released | High | Jamie Strandboge |
Oneiric | Confirmed | Undecided | Unassigned |

Declined for Lucid by Micah Gersten

Bug Description

SRU:

[Impact]
Anyone attempting to use isc-dhcp will fail to start if apparmor is enabled.

[Development Fix]
Addition to AppArmor rules for dhcp:
 - allow writes to the compiled in default pid file
 - allow reads to /var/lib/wicd/*

[Stable Fix]
Precise revision: http://bazaar.launchpad.net/~ubuntu-branches/ubuntu/precise/isc-dhcp/precise/revision/45
Also attached debdiff for review and inclusion into Oneiric.

[Test Case]
Install isc-dhcp on Oneiric and attempt to run service through normal initialization routines.

[Regression Potential]
Regression is minimal since this only increases the scope of what is writeable and readable by dhcp service.

Bug Description:
When starting isc-dhcp-server, the following appears in syslog:

Apr 5 01:20:06 nibbler dhcpd: Can't create PID file /var/run/dhcpd.pid: Permission denied.
Apr 5 01:20:06 nibbler kernel: [293336.249992] type=1400 audit(1333614006.094:47): apparmor="DENIED" operation="mknod" parent=1 profile="/usr/sbin/dhcpd" name="/run/dhcpd.pid" pid=12427 comm="dhcpd" requested_mask="c" denied_mask="c" fsuid=107 ouid=107

Even when adding to dhcpd.conf:

pid-file-name "/var/run/dhcp-server/dhcpd.pid";

it produces:

Apr 5 01:33:39 nibbler kernel: [294149.878702] type=1400 audit(1333614819.902:48): apparmor="DENIED" operation="open" parent=1 profile="/usr/sbin/dhcpd" name="/run/dhcp-server/dhcpd.pid" pid=13392 comm="dhcpd" requested_mask="r" denied_mask="r" fsuid=107 ouid=107

due to not having read access in the AppArmor profile:

  /{,var/}run/dhcp-server/dhcpd{,6}.pid w,

If this is truly where the pid should be, the compiled-in default should be changed, as well as the AppArmor profile tweaked for read access.

ProblemType: Bug
DistroRelease: Ubuntu 12.04
Package: isc-dhcp-server 4.1.ESV-R4-0ubuntu3
ProcVersionSignature: Ubuntu 3.2.0-21.34-generic 3.2.13
Uname: Linux 3.2.0-21-generic x86_64
ApportVersion: 2.0-0ubuntu4
Architecture: amd64
Date: Thu Apr 5 01:22:25 2012
InstallationMedia: Ubuntu-Server 12.04 LTS "Precise Pangolin" - Beta amd64 (20120229)
ProcEnviron:
 TERM=screen
 LANG=en_US.UTF-8
 SHELL=/bin/bash
SourcePackage: isc-dhcp
UpgradeStatus: No upgrade log present (probably fresh install)
modified.conffile..etc.dhcp.dhcpd.conf: [modified]
mtime.conffile..etc.dhcp.dhcpd.conf: 2012-04-05T01:19:58.906748

Ryan Finnie (fo0bar) wrote :
Andy S (andy-speed) wrote :

I have the same problem with 12.04 LTS. The issue seems to be that the dhcpd daemon is pointing to the wrong default. I was able to get it working by adding the following to the /etc/init/isc-dhcp-server.conf for the exec line at the bottom. Changing it to:

exec /usr/sbin/dhcpd -f -q -4 -pf /var/run/dhcp-server/dhcpd.pid -cf $CONFIG_FILE $INTERFACES

It then started ok.

Jamie Strandboge (jdstrand) wrote :

Thank you for using Ubuntu and filing a bug. I can confirm this and the apparmor profile should be updated to use the default file location.

Changed in isc-dhcp (Ubuntu):
assignee: nobody → Jamie Strandboge (jdstrand)
status: New → In Progress
importance: Undecided → High
milestone: none → ubuntu-12.04
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package isc-dhcp - 4.1.ESV-R4-0ubuntu4

---------------
isc-dhcp (4.1.ESV-R4-0ubuntu4) precise; urgency=low

  * debian/apparmor-profile.dhcpd:
    - allow writes to the compiled in default pid file (LP: #974054)
    - allow reads to /var/lib/wicd/* (LP: #588635)
 -- Jamie Strandboge <email address hidden> Thu, 05 Apr 2012 07:19:11 -0500

Changed in isc-dhcp (Ubuntu):
status: In Progress → Fix Released
raerek (raerek) wrote :

Today, with a fresh, updated 12.04 amd64 and with isc-dhcp-server 4.1.ESV-R4-0ubuntu5 in the log I still see:

Apr 18 17:42:22 u3 dhcpd: Internet Systems Consortium DHCP Server 4.1-ESV-R4
Apr 18 17:42:22 u3 dhcpd: Copyright 2004-2011 Internet Systems Consortium.
Apr 18 17:42:22 u3 dhcpd: All rights reserved.
Apr 18 17:42:22 u3 dhcpd: For info, please visit https://www.isc.org/software/dhcp/
Apr 18 17:42:22 u3 dhcpd: Internet Systems Consortium DHCP Server 4.1-ESV-R4
Apr 18 17:42:22 u3 dhcpd: Copyright 2004-2011 Internet Systems Consortium.
Apr 18 17:42:22 u3 dhcpd: All rights reserved.
Apr 18 17:42:22 u3 dhcpd: For info, please visit https://www.isc.org/software/dhcp/
Apr 18 17:42:22 u3 dhcpd: Wrote 0 leases to leases file.
Apr 18 17:42:22 u3 dhcpd: Can't create PID file /var/run/dhcpd.pid: Permission denied.

Jamie Strandboge (jdstrand) wrote :

Varga, please file a new bug using 'ubuntu-bug isc-dhcp-server'.

raerek (raerek) wrote :
no longer affects: isc-dhcp (Ubuntu Natty)
Adam Stokes (adam-stokes) wrote :

Attached debdiff for review and inclusion into Oneiric.

description: updated
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in isc-dhcp (Ubuntu Oneiric):
status: New → Confirmed
Stéphane Graber (stgraber) wrote :

Based on other bugs I've seen related to that in precise and quantal, can you confirm that you can restart isc-dhcp-server without an error message in dmesg?

For precise/quantal, just having write permissions to the pid file wasn't enough as on restart, isc-dhcp-server tries to read the previous pid file and fails.
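
Added example (not part of the bug report or the Ubuntu package): a Python check that replays the two AppArmor denials quoted in the report against the profile rule quoted there and reports which permission each path still lacks. It assumes the audit masks `c` (create) and `d` (delete) are granted by `w` in a profile rule, and it expands only `{a,b}` alternations, not `*` globs; the function names are illustrative.

```python
import re
from itertools import product

# Audit mask letter -> profile permission that grants it (assumption: c/d fall under "w").
MASK_TO_PERM = {"r": "r", "w": "w", "a": "a", "c": "w", "d": "w"}

# The two kernel denials and the profile rule, copied from the report above.
DENIALS = [
    'Apr 5 01:20:06 nibbler kernel: [293336.249992] type=1400 audit(1333614006.094:47): apparmor="DENIED" operation="mknod" parent=1 profile="/usr/sbin/dhcpd" name="/run/dhcpd.pid" pid=12427 comm="dhcpd" requested_mask="c" denied_mask="c" fsuid=107 ouid=107',
    'Apr 5 01:33:39 nibbler kernel: [294149.878702] type=1400 audit(1333614819.902:48): apparmor="DENIED" operation="open" parent=1 profile="/usr/sbin/dhcpd" name="/run/dhcp-server/dhcpd.pid" pid=13392 comm="dhcpd" requested_mask="r" denied_mask="r" fsuid=107 ouid=107',
]
RULES = ["/{,var/}run/dhcp-server/dhcpd{,6}.pid w,"]

def parse_denial(line):
    """Return the key="value" fields of an AppArmor DENIED line, else None."""
    fields = dict(re.findall(r'(\w+)="([^"]*)"', line))
    return fields if fields.get("apparmor") == "DENIED" else None

def expand_braces(pattern):
    """Expand non-nested {a,b} alternations into the literal paths they cover."""
    parts = re.split(r"\{([^{}]*)\}", pattern)  # odd indexes are alternation bodies
    choices = [p.split(",") if i % 2 else [p] for i, p in enumerate(parts)]
    return ["".join(combo) for combo in product(*choices)]

def parse_rule(rule):
    """Split 'PATH PERMS,' into (set of literal paths, set of permission letters)."""
    path, perms = rule.rstrip(",").rsplit(None, 1)
    return set(expand_braces(path)), set(perms)

def missing_perms(denial, rules):
    """Permissions the denied access needs that no matching rule grants."""
    needed = {MASK_TO_PERM.get(m, m) for m in denial["denied_mask"]}
    granted = set()
    for rule in rules:
        paths, perms = parse_rule(rule)
        if denial["name"] in paths:
            granted |= perms
    return needed - granted

def report(lines, rules):
    """List (path, missing permission letters) for every denial in lines."""
    denials = filter(None, map(parse_denial, lines))
    return [(d["name"], "".join(sorted(missing_perms(d, rules)))) for d in denials]

if __name__ == "__main__":
    for path, perms in report(DENIALS, RULES):
        print(f"{path}: profile lacks '{perms}'")
```

The first denial has no matching rule at all (the compiled-in default path), while the second matches the rule but needs `r`, which is the restart case described in the last comment.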
