dhcpd sometimes says "Can't create new lease file: Permission denied"

Bug #1184914 reported by Jeroen T. Vermeulen on 2013-05-28
18
This bug affects 3 people
Affects Status Importance Assigned to Milestone
MAAS
Undecided
Unassigned
maas (Ubuntu)
Undecided
Julian Edwards

Bug Description

I don't think we ever quite figured this out. It doesn't seem to do any immediate harm, and the leases file still seems to get rewritten during startup as you'd expect, but obviously it's ugly and a potential harbinger of problems in the real world.

The error may be related to the change in isc-dhcpd's permissions and ownership assumptions after Precise, and the changes we made in response to that.

Related branches

Julian Edwards (julian-edwards) wrote :

This needs more investigation so we have details on what conditions make it happen.

Changed in maas:
status: New → Incomplete
Launchpad Janitor (janitor) wrote :

[Expired for MAAS because there has been no activity for 60 days.]

Changed in maas:
status: Incomplete → Expired
Andreas Hasenack (ahasenack) wrote :

I see this all the time:

root@atlas:~# grep dhcpd /var/log/syslog|grep -v DHCP
Sep 8 07:56:54 atlas dhcpd: Can't create new lease file: Permission denied
Sep 8 09:04:27 atlas dhcpd: Can't create new lease file: Permission denied
Sep 8 10:59:04 atlas dhcpd: Can't create new lease file: Permission denied
Sep 8 12:49:18 atlas dhcpd: Can't create new lease file: Permission denied
Sep 8 13:57:24 atlas dhcpd: Can't create new lease file: Permission denied
Sep 8 15:00:21 atlas dhcpd: Can't create new lease file: Permission denied
Sep 8 16:02:56 atlas dhcpd: Can't create new lease file: Permission denied
Sep 8 17:17:27 atlas dhcpd: Can't create new lease file: Permission denied
Sep 8 18:36:27 atlas dhcpd: Can't create new lease file: Permission denied
Sep 8 19:37:46 atlas dhcpd: Can't create new lease file: Permission denied
Sep 8 20:45:15 atlas dhcpd: Can't create new lease file: Permission denied

dhcpd runs as user "dhcpd":
dhcpd 64226 0.0 0.0 26304 7352 ? Ss Sep05 0:03 /usr/sbin/dhcpd -user dhcpd -group dhcpd -f -q -4 -pf /run/maas/dhcp/dhcpd.pid -cf /etc/maas/dhcpd.conf -lf /var/lib/maas/dhcp/dhcpd.leases eth0

The /var/lib/maas/dhcp directory is owned by root, so dhcpd cannot create new files in there:

root@atlas:~# ls -la /var/lib/maas/dhcp -d
drwxr-xr-x 2 root root 4096 Sep 5 19:12 /var/lib/maas/dhcp

The lease file is owned by root, but maybe dhcp starts off as root, opens it, and then drops privileges.

Changed in maas:
status: Expired → New
Andreas Hasenack (ahasenack) wrote :

This with maas 1.6.1+bzr2550-0ubuntu1~ppa2 on trusty.

tags: added: cloud-installer landscape
Andres Rodriguez (andreserl) wrote :

Was this a clean install? Was this an upgrade?

On Mon, Sep 8, 2014 at 7:00 PM, Andres Rodriguez <email address hidden>
wrote:

> Was this a clean install? Was this an upgrade?
>

Clean install done on Sep 5th, 2014.

Julian Edwards (julian-edwards) wrote :

Definitely a packaging bug so I'll reassign to the right task.

Changed in maas:
status: New → Invalid
Andres Rodriguez (andreserl) wrote :

Are you running any isc-dhcp server from PPA or even apparmor?

Jeroen T. Vermeulen (jtv) wrote :

Could this be bug 1186662? The main packaging branch has a workaround for that which is worth a try.

It's a matter of adding this line to /etc/apparmor.d/dhcpd.d/maas:

    capability dac_override,

...and then reloading the apparmor config.

That looks like it indeed. We can work around it with that dac_override for now, but it looks like a fix is needed in dhcpd itself, let's watch and see.

Changed in maas (Ubuntu):
status: New → In Progress
assignee: nobody → Julian Edwards (julian-edwards)
Changed in maas (Ubuntu):
status: In Progress → Fix Committed
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers