Ubuntu
isc-dhcp package

[BLUEFIELD] dmesg is flooded with apparmor="DENIED" for dhclient messages

Bug #1961413 reported by Vladimir Sokolovsky
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
isc-dhcp (Ubuntu)
New
Undecided
Unassigned

Bug Description

Ubuntu 20.04.3
Kernel: 5.4.0-1028-bluefield

ii isc-dhcp-client 4.4.1-2.1ubuntu5.20.04.2 arm64 DHCP client for automatically obtaining an IP address
ii isc-dhcp-common 4.4.1-2.1ubuntu5.20.04.2 arm64 common manpages relevant to all of the isc-dhcp packages

ii apparmor 2.13.3-7ubuntu5.1 arm64 user-space parser utility for AppArmor
ii libapparmor1:arm64 2.13.3-7ubuntu5.1 arm64 changehat AppArmor library

ii network-manager 1.22.10-1ubuntu2.3 arm64 network management framework (daemon and userspace tools)

Configuration:
--------------
# cat /etc/netplan/50-cloud-init.yaml
# This file is generated from information provided by the datasource. Changes
# to it will not persist across an instance reboot. To disable cloud-init's
# network configuration capabilities, write a file
# /etc/cloud/cloud.cfg.d/99-disable-network-config.cfg with the following:
# network: {config: disabled}
network:
    ethernets:
        oob_net0:
            dhcp4: true
        tmfifo_net0:
            addresses:
            - 192.168.100.2/30
            dhcp4: false
            nameservers:
                addresses:
                - 192.168.100.1
            routes:
            - metric: 1025
                to: 0.0.0.0/0
                via: 192.168.100.1
    renderer: NetworkManager
    version: 2

Dmesg:
-----
[59685.099760] audit: type=1400 audit(1645193286.508:2011): apparmor="DENIED" operation="open" profile="/{,usr/}sbin/dhclient" name="/proc/103303/task/103306/comm" pid=103303 comm="dhclient" requested_mask="wr" denied_mask="wr" fsuid=0 ouid=0
[59685.148687] audit: type=1400 audit(1645193286.560:2012): apparmor="DENIED" operation="mknod" profile="/{,usr/}sbin/dhclient" name="/run/NetworkManager/dhclient-oob_net0.pid" pid=103303 comm="dhclient" requested_mask="c" denied_mask="c" fsuid=0 ouid=0
[59926.641500] audit: type=1400 audit(1645193528.052:2013): apparmor="DENIED" operation="open" profile="/{,usr/}sbin/dhclient" name="/proc/104083/task/104084/comm" pid=104083 comm="dhclient" requested_mask="wr" denied_mask="wr" fsuid=0 ouid=0
[59926.641685] audit: type=1400 audit(1645193528.052:2014): apparmor="DENIED" operation="open" profile="/{,usr/}sbin/dhclient" name="/proc/104083/task/104085/comm" pid=104083 comm="dhclient" requested_mask="wr" denied_mask="wr" fsuid=0 ouid=0
[59926.641776] audit: type=1400 audit(1645193528.052:2015): apparmor="DENIED" operation="open" profile="/{,usr/}sbin/dhclient" name="/proc/104083/task/104086/comm" pid=104083 comm="dhclient" requested_mask="wr" denied_mask="wr" fsuid=0 ouid=0
[59931.623506] audit: type=1400 audit(1645193533.032:2016): apparmor="DENIED" operation="open" profile="/{,usr/}sbin/dhclient" name="/proc/104158/task/104159/comm" pid=104158 comm="dhclient" requested_mask="wr" denied_mask="wr" fsuid=0 ouid=0
[59931.623665] audit: type=1400 audit(1645193533.032:2017): apparmor="DENIED" operation="open" profile="/{,usr/}sbin/dhclient" name="/proc/104158/task/104160/comm" pid=104158 comm="dhclient" requested_mask="wr" denied_mask="wr" fsuid=0 ouid=0
[59931.623758] audit: type=1400 audit(1645193533.032:2018): apparmor="DENIED" operation="open" profile="/{,usr/}sbin/dhclient" name="/proc/104158/task/104161/comm" pid=104158 comm="dhclient" requested_mask="wr" denied_mask="wr" fsuid=0 ouid=0
[60030.017642] audit: type=1400 audit(1645193631.428:2019): apparmor="DENIED" operation="open" profile="/{,usr/}sbin/dhclient" name="/proc/104353/task/104354/comm" pid=104353 comm="dhclient" requested_mask="wr" denied_mask="wr" fsuid=0 ouid=0
[60030.017810] audit: type=1400 audit(1645193631.428:2020): apparmor="DENIED" operation="open" profile="/{,usr/}sbin/dhclient" name="/proc/104353/task/104355/comm" pid=104353 comm="dhclient" requested_mask="wr" denied_mask="wr" fsuid=0 ouid=0
[60030.017907] audit: type=1400 audit(1645193631.428:2021): apparmor="DENIED" operation="open" profile="/{,usr/}sbin/dhclient" name="/proc/104353/task/104356/comm" pid=104353 comm="dhclient" requested_mask="wr" denied_mask="wr" fsuid=0 ouid=0
[60030.073115] audit: type=1400 audit(1645193631.484:2022): apparmor="DENIED" operation="mknod" profile="/{,usr/}sbin/dhclient" name="/run/NetworkManager/dhclient-oob_net0.pid" pid=104353 comm="dhclient" requested_mask="c" denied_mask="c" fsuid=0 ouid=0

Revision history for this message
Daniel Richard G. (skunk) wrote (last edit ):

Note that the /proc/XXXXXX/task/YYYYYY/comm denials are addressed in LP: #1918410.

That leaves two of this sort:

    audit: type=1400 audit(1645193286.560:2012): apparmor="DENIED" operation="mknod" profile="/{,usr/}sbin/dhclient" name="/run/NetworkManager/dhclient-oob_net0.pid" pid=103303 comm="dhclient" requested_mask="c" denied_mask="c" fsuid=0 ouid=0

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.