apparmor denied operation file_inherit from networkmanager when using HWE kernel
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
isc-dhcp (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
Trusty |
Fix Released
|
High
|
Unassigned | ||
Vivid |
Fix Released
|
Undecided
|
Unassigned |
Bug Description
[Impact]
AppArmor denials appear in dhclient when using using HWE kernel on 14.04. This can result in incorrect dhcp operation on client systems. The fix is to add these rules:
network inet dgram,
network inet6 dgram,
to the dhclient profile for nm-dhcp-
[Test Case]
Install HWE kernel and use network manager to obtain an IP address.
[Regression Potential]
Extremely low since the update only adds access that dhclient didn't have.
Original description:
Hallo,
on Kubuntu 14.04.x dmesg shows me the following apparmor messages;
Is this normal or is this a security issue together with network-manager?
[ 16.171766] audit: type=1400 audit(142259568
[ 16.171772] audit: type=1400 audit(142259568
[ 16.199936] audit: type=1400 audit(142259568
[ 16.199943] audit: type=1400 audit(142259568
[ 16.201369] audit: type=1400 audit(142259568
[ 16.201379] audit: type=1400 audit(142259568
[ 17.206342] audit: type=1400 audit(142259568
[ 17.206349] audit: type=1400 audit(142259568
When I logon to KDE, KDE hangs sometimes for 3sec at the login-process , when there is no internet connection (DSL modem did not dial-in yet).
Thanks for your help!
Best regards, Bernhard
tags: | added: 14.04 apparmor manager network trusty |
tags: |
added: networkmanager removed: manager network |
no longer affects: | apparmor (Ubuntu) |
summary: |
- apparmor denied operation file_inherit from networkmanager + apparmor denied operation file_inherit from networkmanager when using + HWE kernel |
Changed in isc-dhcp (Ubuntu Vivid): | |
status: | Confirmed → Fix Released |
Changed in isc-dhcp (Ubuntu Trusty): | |
status: | New → Triaged |
Changed in isc-dhcp (Ubuntu Trusty): | |
importance: | Undecided → High |
assignee: | nobody → Jamie Strandboge (jdstrand) |
Status changed to 'Confirmed' because the bug affects multiple users.