Ubuntu
isc-dhcp package

dhclient needs read access to /etc/ssl/openssl.cnf

Bug #1549736 reported by Stefan Bader
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
isc-dhcp (Ubuntu)
Fix Released
High
Jamie Strandboge

Bug Description

Release: Xenial/16.04

syslog shows the following apparmor message:

[ 2329.028426] audit: type=1400 audit(1456387524.080:27): apparmor="DENIED" operation="open" profile="/sbin/dhclient" name="/etc/ssl/openssl.cnf" pid=3660 comm="dhclient" requested_mask="r" denied_mask="r" fsuid=0 ouid=0

Not sure it has any observable impact. For standard installs I did not notice anything. Just saw it when trying to debug another problem.

Stefan Bader (smb)
tags: added: xenial
Jamie Strandboge (jdstrand)
tags: added: apparmor
Revision history for this message
Jamie Strandboge (jdstrand) wrote :

Uploaded 4.3.3-5ubuntu8 to xenial.

Changed in isc-dhcp (Ubuntu):
status: New → Triaged
importance: Undecided → High
assignee: nobody → Jamie Strandboge (jdstrand)
status: Triaged → In Progress
status: In Progress → Fix Committed
Revision history for this message
Doug Smythies (dsmythies) wrote :

4.3.3-5ubuntu8 does fix the apparmor issue. However, now my IP address lease does not renew.

Revision history for this message
Stefan Bader (smb) wrote :

Maybe not caused by apparmor. I just filed bug 1551351 about that effect.

Revision history for this message
Jamie Strandboge (jdstrand) wrote :

This is fixed in 4.3.3-5ubuntu8, but I referenced the wrong bug in that changelog so this didn't autoclose.

Changed in isc-dhcp (Ubuntu):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.