dhcpd attempts to use /var/run/dhcpd.pid, AppArmor errors
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
isc-dhcp (Ubuntu) |
Fix Released
|
High
|
Jamie Strandboge | ||
Oneiric |
Confirmed
|
Undecided
|
Unassigned |
Bug Description
SRU:
[Impact]
Anyone attempting to use isc-dhcp will fail to start if apparmor is enabled.
[Development Fix]
Addition to AppArmor rules for dhcp:
- allow writes to the compiled in default pid file
- allow reads to /var/lib/wicd/*
[Stable Fix]
Precise revision: http://
Also attached debdiff for review and inclusion into Oneiric.
[Test Case]
Install isc-dhcp on Oneiric and attempt to run service through normal initialization routines.
[Regression Potential]
Regression is minimal since this only increases the scope of what is writeable and readable by dhcp service.
Bug Description:
When starting isc-dhcp-server, the following appears in syslog:
Apr 5 01:20:06 nibbler dhcpd: Can't create PID file /var/run/dhcpd.pid: Permission denied.
Apr 5 01:20:06 nibbler kernel: [293336.249992] type=1400 audit(133361400
Even when adding to dhcpd.conf:
pid-file-name "/var/run/
it produces:
Apr 5 01:33:39 nibbler kernel: [294149.878702] type=1400 audit(133361481
due to not having read access in the AppArmor profile:
/{,var/
If this is truly where the pid should be, the compiled-in default should be changed, as well as the AppArmor profile tweaked for read access.
ProblemType: Bug
DistroRelease: Ubuntu 12.04
Package: isc-dhcp-server 4.1.ESV-R4-0ubuntu3
ProcVersionSign
Uname: Linux 3.2.0-21-generic x86_64
ApportVersion: 2.0-0ubuntu4
Architecture: amd64
Date: Thu Apr 5 01:22:25 2012
InstallationMedia: Ubuntu-Server 12.04 LTS "Precise Pangolin" - Beta amd64 (20120229)
ProcEnviron:
TERM=screen
LANG=en_US.UTF-8
SHELL=/bin/bash
SourcePackage: isc-dhcp
UpgradeStatus: No upgrade log present (probably fresh install)
modified.
mtime.conffile.
Related branches
no longer affects: | isc-dhcp (Ubuntu Natty) |
I have the same problem with 12.04 LTS. The issue seems to be that the dhcpd daemon is pointing to the wrong default. I was able to get it working by adding the following to the /etc/init/ isc-dhcp- server. conf for the exec line at the bottom. Changing it to:
exec /usr/sbin/dhcpd -f -q -4 -pf /var/run/ dhcp-server/ dhcpd.pid -cf $CONFIG_FILE $INTERFACES
It then started ok.