Comment 5 for bug 717166

Daniel Nurmi (nurmi) wrote :

It turns out that I had(ve) apparmor disabled while working on this problem, but the new dhcpd needs a slight change to its profile in order to work. Here is what I saw with apparmor enabled:

root@eucahost-4-243:/var/log/eucalyptus# dmesg
[ 800.347860] type=1400 audit(1300832242.358:24): apparmor="DENIED" operation=\
"capable" parent=10292 profile="/usr/sbin/dhcpd" pid=10293 comm="dhcpd" capabil\
ity=1 capname="dac_override"

Chris and Garrett on our side pointed at the solution of adding:

  capability dac_override,

to the /etc/apparmod.d/usr.sbin.dhcpd profile. Once I added this, rebooted and tried again, eucalyptus is able to run the dhcpd process on instance start.