dhcpd sometimes says "Can't create new lease file: Permission denied"
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| | MAAS |
Undecided
|
Unassigned | ||
| | maas (Ubuntu) |
Undecided
|
Julian Edwards | ||
Bug Description
I don't think we ever quite figured this out. It doesn't seem to do any immediate harm, and the leases file still seems to get rewritten during startup as you'd expect, but obviously it's ugly and a potential harbinger of problems in the real world.
The error may be related to the change in isc-dhcpd's permissions and ownership assumptions after Precise, and the changes we made in response to that.
Related branches
- Jeroen T. Vermeulen (community): Approve on 2014-09-09
-
Diff: 36 lines (+16/-3)2 files modifieddebian/changelog (+12/-3)
debian/maas-dhcp.apparmor (+4/-0)
| Launchpad Janitor (janitor) wrote : | #2 |
[Expired for MAAS because there has been no activity for 60 days.]
| Changed in maas: | |
| status: | Incomplete → Expired |
| Andreas Hasenack (ahasenack) wrote : | #3 |
I see this all the time:
root@atlas:~# grep dhcpd /var/log/
Sep 8 07:56:54 atlas dhcpd: Can't create new lease file: Permission denied
Sep 8 09:04:27 atlas dhcpd: Can't create new lease file: Permission denied
Sep 8 10:59:04 atlas dhcpd: Can't create new lease file: Permission denied
Sep 8 12:49:18 atlas dhcpd: Can't create new lease file: Permission denied
Sep 8 13:57:24 atlas dhcpd: Can't create new lease file: Permission denied
Sep 8 15:00:21 atlas dhcpd: Can't create new lease file: Permission denied
Sep 8 16:02:56 atlas dhcpd: Can't create new lease file: Permission denied
Sep 8 17:17:27 atlas dhcpd: Can't create new lease file: Permission denied
Sep 8 18:36:27 atlas dhcpd: Can't create new lease file: Permission denied
Sep 8 19:37:46 atlas dhcpd: Can't create new lease file: Permission denied
Sep 8 20:45:15 atlas dhcpd: Can't create new lease file: Permission denied
dhcpd runs as user "dhcpd":
dhcpd 64226 0.0 0.0 26304 7352 ? Ss Sep05 0:03 /usr/sbin/dhcpd -user dhcpd -group dhcpd -f -q -4 -pf /run/maas/
The /var/lib/maas/dhcp directory is owned by root, so dhcpd cannot create new files in there:
root@atlas:~# ls -la /var/lib/maas/dhcp -d
drwxr-xr-x 2 root root 4096 Sep 5 19:12 /var/lib/maas/dhcp
The lease file is owned by root, but maybe dhcp starts off as root, opens it, and then drops privileges.
| Changed in maas: | |
| status: | Expired → New |
| Andreas Hasenack (ahasenack) wrote : | #4 |
This with maas 1.6.1+bzr2550-
| tags: | added: cloud-installer landscape |
| Andres Rodriguez (andreserl) wrote : | #5 |
Was this a clean install? Was this an upgrade?
| Andreas Hasenack (ahasenack) wrote : Re: [Bug 1184914] Re: dhcpd sometimes says "Can't create new lease file: Permission denied" | #6 |
On Mon, Sep 8, 2014 at 7:00 PM, Andres Rodriguez <email address hidden>
wrote:
> Was this a clean install? Was this an upgrade?
>
Clean install done on Sep 5th, 2014.
| Julian Edwards (julian-edwards) wrote : | #7 |
Definitely a packaging bug so I'll reassign to the right task.
| Changed in maas: | |
| status: | New → Invalid |
| Andres Rodriguez (andreserl) wrote : | #8 |
Are you running any isc-dhcp server from PPA or even apparmor?
| Jeroen T. Vermeulen (jtv) wrote : | #9 |
Could this be bug 1186662? The main packaging branch has a workaround for that which is worth a try.
It's a matter of adding this line to /etc/apparmor.
capability dac_override,
...and then reloading the apparmor config.
| Julian Edwards (julian-edwards) wrote : | #10 |
That looks like it indeed. We can work around it with that dac_override for now, but it looks like a fix is needed in dhcpd itself, let's watch and see.
| Changed in maas (Ubuntu): | |
| status: | New → In Progress |
| assignee: | nobody → Julian Edwards (julian-edwards) |
| Changed in maas (Ubuntu): | |
| status: | In Progress → Fix Committed |
This needs more investigation so we have details on what conditions make it happen.