dhclient-script apparmor issues

Thank you for reporting this problem, it helps us make Ubuntu better. Please answer a few questions:

1. Please list the exact steps we need to take to reproduce this bahavior.
2. How often does this behavior happen? Always, most of the time or occasionally?

This will help, thank you

I simply upgraded from 8.10 to jaunty. It happens every time I want to use NM or invoke dhclient. It looks like apparmor is blocking users from using dhclient. Even root. (It always happens, unless I stop apparmor)

Same here. execv cannot launch dhcp-script unless apparmor is stopped.

I have an HP Mininote 2133, I was running 8.10, with both wifi and ethernet working fine, and upgraded to 9.04 beta, I get what seems to be this error.

Disabling apparmor for for dhcp fixed it.

As described here:
https://help.ubuntu.com/community/AppArmor#Disable%20one%20profile

Thank you for taking the time to report this bug and helping to make Ubuntu better. To help fix the bug, please follow the instructions found in https://wiki.ubuntu.com/DebuggingApparmor. This will greatly help us in tracking down your problem.

Thanks.

Ronald Pottol wrote on 2009-03-30:
"Disabling apparmor for for dhcp fixed it.

As described here:
https://help.ubuntu.com/community/AppArmor#Disable%20one%20profile"

worked wonderful.

I'm glad people are working around this, but it would be great if people could follow https://wiki.ubuntu.com/DebuggingApparmor and give the necessary information to fix this for everyone, so you can keep AppArmor protection.

This bug should fully be fixed now that apparmor is in the initramfs and ifupdown is careful about loading the profile before dhclient3 starts. Closing due to no activity. Please feel free to open a new bug if you continue to have problems.

Jamie, I continue to have this problem.

Here is an example what I get logged to /var/log/kern.log

type=1503 audit(1254319799.833:61): operation="inode_permission" requested_mask="r::" denied_mask="r::" fsuid=0 name="/bin/bash" pid=9551 profile="/sbin/dhclient-script"

Could you please elaborate on how to put apparmor in the initramfs? Also, how would I make sure that ifupdown loads the profile before dhclient3 starts?

Thanks

severin,

You don't have to do anything on 9.10. 9.04 had logic for handling ifupdown (which is why you are seeing the problem).

Can you please perform:
$ sudo apport-collect -p apparmor 343898

Jamie,

I am running jaunty (ie. 9.4) not karmic. BTW. it's an eeePc with custom kernel. I ran
$ sudo apport-collect -p apparmor 343898

(twice actually) and this is what I got in response
Logging into Launchpad...
Downloading bug...
Bug title: dhclient-script apparmor issues
Collecting apport information for source package apparmor...
Uploading additional information to Launchpad bug...
   short text data...
Error connecting to Launchpad: HTTP Error 401: Unauthorized

Actually, you gave enough information to know what the problem is. The apparmor profile in 9.04 is specific to the 2.6.28 kernel as included in Ubuntu. There was a bug in the kernel that is worked around in the apparmor profile. This is bug #400349. For people who are using a non-Ubuntu kernel on Ubuntu 9.04 and are seeing this bug, I recommend either using the apparmor profile from dhcp3-client 3.1.2-1ubuntu5 (in Ubuntu 9.10) or disabling the dhclient3 profile (sudo ln -s /etc/apparmor.d/sbin.dhclient3 /etc/apparmor.d/disable) until you can upgrade to Ubuntu 9.10.

Architecture: i386
DistroRelease: Ubuntu 9.04
KernLog:

Package: apparmor 2.3+1289-0ubuntu14
PackageArchitecture: i386
ProcCmdline: root=UUID=5020ce9c-1f03-4185-aeab-afdab891eadd ro quiet splash
ProcEnviron:
 SHELL=/bin/bash
 PATH=(custom, no user)
 LANG=en_US.UTF-8
ProcVersionSignature: Ubuntu 2.6.28-15.52-generic
Uname: Linux 2.6.28-15-generic i686
UserGroups: