It turns out that I had(ve) apparmor disabled while working on this problem, but the new dhcpd needs a slight change to its profile in order to work. Here is what I saw with apparmor enabled:
Chris and Garrett on our side pointed at the solution of adding:
capability dac_override,
to the /etc/apparmod.d/usr.sbin.dhcpd profile. Once I added this, rebooted and tried again, eucalyptus is able to run the dhcpd process on instance start.
It turns out that I had(ve) apparmor disabled while working on this problem, but the new dhcpd needs a slight change to its profile in order to work. Here is what I saw with apparmor enabled:
root@eucahost- 4-243:/ var/log/ eucalyptus# dmesg 2.358:24) : apparmor="DENIED" operation=\ "/usr/sbin/ dhcpd" pid=10293 comm="dhcpd" capabil\ "dac_override"
[ 800.347860] type=1400 audit(130083224
"capable" parent=10292 profile=
ity=1 capname=
Chris and Garrett on our side pointed at the solution of adding:
capability dac_override,
to the /etc/apparmod. d/usr.sbin. dhcpd profile. Once I added this, rebooted and tried again, eucalyptus is able to run the dhcpd process on instance start.
Regards,
-Dan