Ubuntu
dhcdbd package

Missing dbus permission for dhcp

Bug #54817 reported by Rafael D'Halleweyn
2
Affects Status Importance Assigned to Milestone
dhcdbd (Ubuntu)
Invalid
Undecided
Unassigned

Bug Description

Binary package hint: dhcdbd

On my system dhclient runs as the user "dhcp". But when it tries to send messages to dhcdbd through dbus, this fails, because it doesn't have the right permission.

I added the following to /etc/dbus-1/system.d/dhcdbd.conf:
    <policy user="dhcp">
            <allow own="com.redhat.dhcp"/>
            <allow send_interface="com.redhat.dhcp"/>
            <allow send_destination="com.redhat.dhcp"/>
    </policy>

This seems to work better now.

Revision history for this message
Rafael D'Halleweyn (list-noduck) wrote :

Bug #51283 might be related.

Revision history for this message
Scott James Remnant (Canonical) (canonical-scott) wrote :

The dhclient-script runs as root, no?

Revision history for this message
Rafael D'Halleweyn (list-noduck) wrote :

# ps aux | grep dhcli
dhcp 14697 0.0 0.1 2408 1196 ? S 13:34 0:00 /sbin/dhclient -1 -lf /var/lib/dhcp3/dhclient.eth0.leases -pf /var/run/dhclient.eth0.pid -q -e dhc_dbus=31 -d eth0

The Debian/Ubuntu dhcp3 package includes two patches droppriv.dpatch and deroot-client.dpatch that perform a setuid to dhcp.

Revision history for this message
Rafael D'Halleweyn (list-noduck) wrote :

Okay, you must be right: /lib/dhcp3-client/call-dhclient-script is +s for root

Revision history for this message
Rafael D'Halleweyn (list-noduck) wrote :

I guess my mistake was to uncomment

#script "/etc/dhcp3/dhclient-script";

in dhclient.conf. I guess when you do that dhclient-script really runs as dhcp, not as root. It all goes downhill from there.

I'll test this tomorrow.

Scott James Remnant (Canonical) (canonical-scott)
Changed in dhcdbd:
status: Unconfirmed → Rejected
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.