[jaunty] no internet connection: dhclient-script cannot be execve'd

Bug #332521 reported by Matteo Settenvini
This bug affects 2 people
Affects: dhcp3 (Ubuntu)
Status: Fix Released
Importance: Undecided
Assigned to: Jamie Strandboge

Bug Description

Description: Ubuntu jaunty (development branch)
Release: 9.04
Linux Dahlia 2.6.27-1-powerpc64-smp #1 SMP Fri Nov 7 02:34:19 UTC 2008 ppc64 GNU/Linux

After today's updates, I find myself unable to have dhcp working (thus, also networkmanager doesn't work).

If I run manually "dhclient eth1", I get:

root@Dahlia:/var/cache/apt/archives# dhclient eth1
There is already a pid file /var/run/dhclient.pid with pid 9119
killed old client process, removed PID file
Internet Systems Consortium DHCP Client V3.1.1
Copyright 2004-2008 Internet Systems Consortium.
All rights reserved.
For info, please visit http://www.isc.org/sw/dhcp/

execve (/sbin/dhclient-script, ...): Permission denied
Listening on LPF/eth1/00:11:24:70:fe:6e
Sending on LPF/eth1/00:11:24:70:fe:6e
Sending on Socket/fallback
DHCPREQUEST of 192.168.1.215 on eth1 to 255.255.255.255 port 67
DHCPACK of 192.168.1.215 from 192.168.1.1
execve (/sbin/dhclient-script, ...): Permission denied
bound to 192.168.1.215 -- renewal in 9772 seconds.

So, I tried running dhclient-script manually as root:

root@Dahlia:~# /sbin/dhclient-script
bash: /sbin/dhclient-script: /bin/bash: bad interpreter: Permission denied

However:

root@Dahlia:~# ls -l /sbin/dhclient-script
-rwxr-xr-x 1 root root 8714 2009-02-19 18:50 /sbin/dhclient-script

and:

root@Dahlia:~# head -n 1 /sbin/dhclient-script
#!/bin/bash
root@Dahlia:~# ls -l /bin/bash
-rwxr-xr-x 1 root root 842096 2008-05-12 20:49 /bin/bash

WTF is going on???

Matteo Settenvini (tchernobog) wrote :

My dmesg shows up the problem: dhclient-script profile doesn't allow for accessing some files.
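
Added example, not part of the original report (which does not include the dmesg lines): a small Python filter that pulls AppArmor denials out of kernel log text and lists the paths a profile refused to execute, the situation behind "bad interpreter: Permission denied" on a file with rwxr-xr-x mode bits. The sample log lines are constructed, and the two audit layouts it recognises (type=1503 and apparmor="DENIED") are assumptions about what the running kernel emits.

```python
import re

# Constructed kernel-log sample (not taken from the bug report). Line 1 uses
# the older type=1503 audit layout, line 3 the apparmor="DENIED" layout; both
# layouts are assumptions about what a given kernel emits.
SAMPLE_DMESG = """\
[  812.101] type=1503 audit(1235066400.101:12): operation="inode_permission" requested_mask="x::" denied_mask="x::" name="/bin/bash" pid=9120 profile="/sbin/dhclient-script" namespace="default"
[  812.250] eth1: link up, 100Mbps, full-duplex
[  813.004] audit: type=1400 audit(1235066401.004:13): apparmor="DENIED" operation="open" profile="/sbin/dhclient-script" name="/etc/resolv.conf" pid=9133 comm="dhclient-script" requested_mask="w" denied_mask="w" fsuid=0 ouid=0
[  813.500] audit: type=1400 audit(1235066401.500:14): apparmor="ALLOWED" operation="open" profile="/usr/sbin/cupsd" name="/etc/cups/cupsd.conf" pid=4598 comm="cupsd" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
"""

# key=value pairs; values are either double-quoted or a bare token.
PAIR = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

def parse_denials(text):
    """Return one dict per AppArmor denial found in kernel log text."""
    denials = []
    for line in text.splitlines():
        fields = {k: quoted or bare for k, quoted, bare in PAIR.findall(line)}
        denied = fields.get("apparmor") == "DENIED" or fields.get("type") == "1503"
        if denied and "profile" in fields:
            denials.append({
                "profile": fields["profile"],
                "operation": fields.get("operation", ""),
                "name": fields.get("name", ""),
                # Older kernels pad the mask ("x::"); keep only the permission letters.
                "mask": fields.get("denied_mask", "").strip(":"),
            })
    return denials

def summarize(denials):
    """Map each confining profile to the sorted (path, denied mask) pairs it refused."""
    out = {}
    for d in denials:
        out.setdefault(d["profile"], set()).add((d["name"], d["mask"]))
    return {profile: sorted(pairs) for profile, pairs in out.items()}

def blocked_exec(denials, profile):
    """Paths the profile refused to execute: a denied "x" on the interpreter makes
    execve() fail with EACCES even when the file mode is rwxr-xr-x and the caller is root."""
    return sorted({d["name"] for d in denials
                   if d["profile"] == profile and "x" in d["mask"]})

if __name__ == "__main__":
    found = parse_denials(SAMPLE_DMESG)
    for profile, pairs in summarize(found).items():
        for path, mask in pairs:
            print(f"{profile}: denied {mask!r} on {path}")
    print("exec blocked:", blocked_exec(found, "/sbin/dhclient-script"))
```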

Jamie Strandboge (jdstrand) wrote :

I cannot reproduce this. /sbin/dhclient and /sbin/dhclient-script work just fine under apparmor. What version of dhcp3-client do you have? Can you post your /etc/apparmor.d/sbin.dhclient file as well as the output of 'sudo aa-status'?

Changed in dhcp3:
assignee: nobody → jdstrand
status: New → Incomplete

Matteo Settenvini (tchernobog) wrote :

dpkg -l dhcp3-client
dhcp3-client 3.1.1-5ubuntu5 DHCP client

matteo@Dahlia:~$ sudo aa-status
[sudo] password for matteo:
apparmor module is loaded.
8 profiles are loaded.
8 profiles are in enforce mode.
   /usr/share/gdm/guest-session/Xsession
   /usr/sbin/tcpdump
   /usr/lib/cups/backend/cups-pdf
   /usr/sbin/mysqld
   /sbin/dhclient3
   /usr/sbin/cupsd
   /sbin/dhclient-script
   /usr/lib/NetworkManager/nm-dhcp-client.action
0 profiles are in complain mode.
2 processes have profiles defined.
2 processes are in enforce mode :
   /usr/sbin/cupsd (4598)
   /usr/sbin/mysqld (4483)
0 processes are in complain mode.
0 processes are unconfined but have a profile defined.

Changed in dhcp3:
status: Incomplete → New

Matteo Settenvini (tchernobog) wrote :

root@Dahlia:/home/matteo# strace dhclient-script
execve("/sbin/dhclient-script", ["dhclient-script"], [/* 25 vars */]) = -1 EACCES (Permission denied)
dup(2) = 3
fcntl64(3, F_GETFL) = 0x2 (flags O_RDWR)
fstat64(3, {st_mode=S_IFCHR|0620, st_rdev=makedev(136, 0), ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xf7ffb000
_llseek(3, 0, 0xff8af298, SEEK_CUR) = -1 ESPIPE (Illegal seek)
write(3, "strace: exec: Permission denied\n"..., 32strace: exec: Permission denied
) = 32
close(3) = 0
munmap(0xf7ffb000, 4096) = 0
exit_group(1)

Jamie Strandboge (jdstrand) wrote :

Can you list the contents of the /etc/apparmor.d directory?

Changed in dhcp3:
status: New → Incomplete

Matteo Settenvini (tchernobog) wrote :

Now version 3.1.1-5ubuntu6 is installed. Same problem.

matteo@Dahlia:~$ ls -R /etc/apparmor.d
/etc/apparmor.d:
abstractions gdm-guest-session usr.sbin.cupsd
disable sbin.dhclient3 usr.sbin.mysqld
force-complain tunables usr.sbin.tcpdump

/etc/apparmor.d/abstractions:
aspell freedesktop.org nis ssl_certs web-data
audio gnome nvidia ssl_keys winbind
authentication gnupg orbit2 svn-repositories wutmp
base kde perl user-download X
bash kerberosclient php5 user-mail xad
consoles likewise python user-manpages
cups-client mdns ruby user-tmp
dbus mysql samba user-write
fonts nameservice smbpass video

/etc/apparmor.d/disable:

/etc/apparmor.d/force-complain:

/etc/apparmor.d/tunables:
global home ntpd proc

Changed in dhcp3:
status: Incomplete → New

Matteo Settenvini (tchernobog) wrote :

Seems to have been recently fixed in Jaunty PPC. Don't know exactly with which package, but now it works.

Changed in dhcp3:
status: New → Fix Released

Jamie Strandboge (jdstrand) wrote :

That is excellent news. I thought it might be PPC specific as well, and just got my hands on a PPC machine to test it out. Thanks for your feedback.

Alejandro Bonilla (petarro) wrote :

I'm having this issue with Jaunty with the eeepc kernel. I opened bug 343898. Please fix! :)

abrahamcovelo (abraham-covelo) wrote :

I have solved the problem in eeepc with Jaunty. And I think it is the same problem found with other PCs. Specific permissions per program in /etc/apparmor.d/sbin.dhclient3 prevent dhcp3 from being execve'd. As a workaround I moved this file out and restarted apparmor (so far I have info about the syntax of this configuration file to solve the issue properly):

/etc/init.d/apparmor restart

The problem is fixed now
