in the ec2 datasource, cloud-init runs dhclient from a tmp file in order to avoid apparmor restrictions and side affects.
In a change for bug 1707222 we started using /run/cloud-init for tmpfiles. /run is mounted noexec. See example:
$ sudo /run/cloud-init/tmp/dhclient -1 -v -lf /run/cloud-init/tmp/cloud-init-dhcp-bs6g4xkw/dhcp.leases -pf /run/cloud-init/tmp/cloud-init-dhcp-bs6g4xkw/dhclient.pid eth0 -sf /bin/true sudo: unable to execute /run/cloud-init/tmp/dhclient: Permission denied
So, we need a tmp file in a place that allows execution.
in the ec2 datasource, cloud-init runs dhclient from a tmp file in order to avoid apparmor restrictions and side affects.
In a change for bug 1707222 we started using /run/cloud-init for tmpfiles.
/run is mounted noexec. See example:
$ sudo /run/cloud- init/tmp/ dhclient -1 -v -lf /run/cloud- init/tmp/ cloud-init- dhcp-bs6g4xkw/ dhcp.leases -pf /run/cloud- init/tmp/ cloud-init- dhcp-bs6g4xkw/ dhclient. pid eth0 -sf /bin/true init/tmp/ dhclient: Permission denied
sudo: unable to execute /run/cloud-
So, we need a tmp file in a place that allows execution.