Ubuntu
isc-dhcp package

Bug #1417658
Activity log

Activity log for bug #1417658

Date	Who	What changed	Old value	New value	Message
2015-02-03 16:51:24	stargazer	bug			added bug
2015-02-03 16:51:50	stargazer	tags		14.04 apparmor manager network trusty
2015-02-03 16:52:05	stargazer	tags	14.04 apparmor manager network trusty	14.04 apparmor networkmanager trusty
2015-02-23 09:46:52	Launchpad Janitor	apparmor (Ubuntu): status	New	Confirmed
2015-03-10 11:34:32	Chris Davies	bug			added subscriber Chris Davies
2015-03-22 21:48:43	Ivan Frederiks	bug			added subscriber Ivan Frederiks
2015-03-30 14:03:12	alp	bug			added subscriber Jamie Strandboge
2015-03-30 14:16:02	alp	bug task added		isc-dhcp (Ubuntu)
2015-03-30 15:43:25	Launchpad Janitor	isc-dhcp (Ubuntu): status	New	Confirmed
2015-03-30 17:18:13	Jamie Strandboge	bug task deleted	apparmor (Ubuntu)
2015-03-30 17:18:24	Jamie Strandboge	summary	apparmor denied operation file_inherit from networkmanager	apparmor denied operation file_inherit from networkmanager when using HWE kernel
2015-03-30 17:18:37	Jamie Strandboge	nominated for series		Ubuntu Vivid
2015-03-30 17:18:37	Jamie Strandboge	bug task added		isc-dhcp (Ubuntu Vivid)
2015-03-30 17:18:37	Jamie Strandboge	nominated for series		Ubuntu Trusty
2015-03-30 17:18:37	Jamie Strandboge	bug task added		isc-dhcp (Ubuntu Trusty)
2015-03-30 17:18:43	Jamie Strandboge	isc-dhcp (Ubuntu Vivid): status	Confirmed	Fix Released
2015-03-30 17:18:50	Jamie Strandboge	isc-dhcp (Ubuntu Trusty): status	New	Triaged
2015-03-30 17:29:22	Jamie Strandboge	isc-dhcp (Ubuntu Trusty): importance	Undecided	High
2015-03-30 17:29:23	Jamie Strandboge	isc-dhcp (Ubuntu Trusty): assignee		Jamie Strandboge (jdstrand)
2015-03-30 17:51:57	Jamie Strandboge	description	Hallo, on Kubuntu 14.04.x dmesg shows me the following apparmor messages; Is this normal or is this a security issue together with network-manager? [ 16.171766] audit: type=1400 audit(1422595680.679:68): apparmor="DENIED" operation="file_inherit" profile="/usr/lib/NetworkManager/nm-dhcp-client.action" pid=2229 comm="nm-dhcp-client." lport=10320 family="inet" sock_type="dgram" protocol=17 [ 16.171772] audit: type=1400 audit(1422595680.679:69): apparmor="DENIED" operation="file_inherit" profile="/usr/lib/NetworkManager/nm-dhcp-client.action" pid=2229 comm="nm-dhcp-client." lport=21985 family="inet6" sock_type="dgram" protocol=17 [ 16.199936] audit: type=1400 audit(1422595680.707:70): apparmor="DENIED" operation="file_inherit" profile="/usr/lib/NetworkManager/nm-dhcp-client.action" pid=2246 comm="nm-dhcp-client." lport=10320 family="inet" sock_type="dgram" protocol=17 [ 16.199943] audit: type=1400 audit(1422595680.707:71): apparmor="DENIED" operation="file_inherit" profile="/usr/lib/NetworkManager/nm-dhcp-client.action" pid=2246 comm="nm-dhcp-client." lport=21985 family="inet6" sock_type="dgram" protocol=17 [ 16.201369] audit: type=1400 audit(1422595680.707:72): apparmor="DENIED" operation="file_inherit" profile="/usr/lib/NetworkManager/nm-dhcp-client.action" pid=2248 comm="nm-dhcp-client." lport=10320 family="inet" sock_type="dgram" protocol=17 [ 16.201379] audit: type=1400 audit(1422595680.707:73): apparmor="DENIED" operation="file_inherit" profile="/usr/lib/NetworkManager/nm-dhcp-client.action" pid=2248 comm="nm-dhcp-client." lport=21985 family="inet6" sock_type="dgram" protocol=17 [ 17.206342] audit: type=1400 audit(1422595681.711:74): apparmor="DENIED" operation="file_inherit" profile="/usr/lib/NetworkManager/nm-dhcp-client.action" pid=2468 comm="nm-dhcp-client." lport=10320 family="inet" sock_type="dgram" protocol=17 [ 17.206349] audit: type=1400 audit(1422595681.711:75): apparmor="DENIED" operation="file_inherit" profile="/usr/lib/NetworkManager/nm-dhcp-client.action" pid=2468 comm="nm-dhcp-client." lport=21985 family="inet6" sock_type="dgram" protocol=17 When I logon to KDE, KDE hangs sometimes for 3sec at the login-process , when there is no internet connection (DSL modem did not dial-in yet). Thanks for your help! Best regards, Bernhard	[Impact] AppArmor denials appear in dhclient when using using HWE kernel on 14.04. This can result in incorrect dhcp operation on client systems. [Test Case] Install HWE kernel and use network manager to obtain an IP address. [Regression Potential] Extremely low since the update only adds access that dhclient didn't have. Original description: Hallo, on Kubuntu 14.04.x dmesg shows me the following apparmor messages; Is this normal or is this a security issue together with network-manager? [ 16.171766] audit: type=1400 audit(1422595680.679:68): apparmor="DENIED" operation="file_inherit" profile="/usr/lib/NetworkManager/nm-dhcp-client.action" pid=2229 comm="nm-dhcp-client." lport=10320 family="inet" sock_type="dgram" protocol=17 [ 16.171772] audit: type=1400 audit(1422595680.679:69): apparmor="DENIED" operation="file_inherit" profile="/usr/lib/NetworkManager/nm-dhcp-client.action" pid=2229 comm="nm-dhcp-client." lport=21985 family="inet6" sock_type="dgram" protocol=17 [ 16.199936] audit: type=1400 audit(1422595680.707:70): apparmor="DENIED" operation="file_inherit" profile="/usr/lib/NetworkManager/nm-dhcp-client.action" pid=2246 comm="nm-dhcp-client." lport=10320 family="inet" sock_type="dgram" protocol=17 [ 16.199943] audit: type=1400 audit(1422595680.707:71): apparmor="DENIED" operation="file_inherit" profile="/usr/lib/NetworkManager/nm-dhcp-client.action" pid=2246 comm="nm-dhcp-client." lport=21985 family="inet6" sock_type="dgram" protocol=17 [ 16.201369] audit: type=1400 audit(1422595680.707:72): apparmor="DENIED" operation="file_inherit" profile="/usr/lib/NetworkManager/nm-dhcp-client.action" pid=2248 comm="nm-dhcp-client." lport=10320 family="inet" sock_type="dgram" protocol=17 [ 16.201379] audit: type=1400 audit(1422595680.707:73): apparmor="DENIED" operation="file_inherit" profile="/usr/lib/NetworkManager/nm-dhcp-client.action" pid=2248 comm="nm-dhcp-client." lport=21985 family="inet6" sock_type="dgram" protocol=17 [ 17.206342] audit: type=1400 audit(1422595681.711:74): apparmor="DENIED" operation="file_inherit" profile="/usr/lib/NetworkManager/nm-dhcp-client.action" pid=2468 comm="nm-dhcp-client." lport=10320 family="inet" sock_type="dgram" protocol=17 [ 17.206349] audit: type=1400 audit(1422595681.711:75): apparmor="DENIED" operation="file_inherit" profile="/usr/lib/NetworkManager/nm-dhcp-client.action" pid=2468 comm="nm-dhcp-client." lport=21985 family="inet6" sock_type="dgram" protocol=17 When I logon to KDE, KDE hangs sometimes for 3sec at the login-process , when there is no internet connection (DSL modem did not dial-in yet). Thanks for your help! Best regards, Bernhard
2015-03-30 17:52:19	Jamie Strandboge	attachment added		isc-dhcp_4.2.4-7ubuntu12.1.debdiff https://bugs.launchpad.net/ubuntu/+source/isc-dhcp/+bug/1417658/+attachment/4361241/+files/isc-dhcp_4.2.4-7ubuntu12.1.debdiff
2015-03-30 17:52:51	Jamie Strandboge	isc-dhcp (Ubuntu Trusty): status	Triaged	In Progress
2015-03-30 17:54:07	Jamie Strandboge	bug			added subscriber Ubuntu Stable Release Updates Team
2015-03-30 17:56:17	Jamie Strandboge	description	[Impact] AppArmor denials appear in dhclient when using using HWE kernel on 14.04. This can result in incorrect dhcp operation on client systems. [Test Case] Install HWE kernel and use network manager to obtain an IP address. [Regression Potential] Extremely low since the update only adds access that dhclient didn't have. Original description: Hallo, on Kubuntu 14.04.x dmesg shows me the following apparmor messages; Is this normal or is this a security issue together with network-manager? [ 16.171766] audit: type=1400 audit(1422595680.679:68): apparmor="DENIED" operation="file_inherit" profile="/usr/lib/NetworkManager/nm-dhcp-client.action" pid=2229 comm="nm-dhcp-client." lport=10320 family="inet" sock_type="dgram" protocol=17 [ 16.171772] audit: type=1400 audit(1422595680.679:69): apparmor="DENIED" operation="file_inherit" profile="/usr/lib/NetworkManager/nm-dhcp-client.action" pid=2229 comm="nm-dhcp-client." lport=21985 family="inet6" sock_type="dgram" protocol=17 [ 16.199936] audit: type=1400 audit(1422595680.707:70): apparmor="DENIED" operation="file_inherit" profile="/usr/lib/NetworkManager/nm-dhcp-client.action" pid=2246 comm="nm-dhcp-client." lport=10320 family="inet" sock_type="dgram" protocol=17 [ 16.199943] audit: type=1400 audit(1422595680.707:71): apparmor="DENIED" operation="file_inherit" profile="/usr/lib/NetworkManager/nm-dhcp-client.action" pid=2246 comm="nm-dhcp-client." lport=21985 family="inet6" sock_type="dgram" protocol=17 [ 16.201369] audit: type=1400 audit(1422595680.707:72): apparmor="DENIED" operation="file_inherit" profile="/usr/lib/NetworkManager/nm-dhcp-client.action" pid=2248 comm="nm-dhcp-client." lport=10320 family="inet" sock_type="dgram" protocol=17 [ 16.201379] audit: type=1400 audit(1422595680.707:73): apparmor="DENIED" operation="file_inherit" profile="/usr/lib/NetworkManager/nm-dhcp-client.action" pid=2248 comm="nm-dhcp-client." lport=21985 family="inet6" sock_type="dgram" protocol=17 [ 17.206342] audit: type=1400 audit(1422595681.711:74): apparmor="DENIED" operation="file_inherit" profile="/usr/lib/NetworkManager/nm-dhcp-client.action" pid=2468 comm="nm-dhcp-client." lport=10320 family="inet" sock_type="dgram" protocol=17 [ 17.206349] audit: type=1400 audit(1422595681.711:75): apparmor="DENIED" operation="file_inherit" profile="/usr/lib/NetworkManager/nm-dhcp-client.action" pid=2468 comm="nm-dhcp-client." lport=21985 family="inet6" sock_type="dgram" protocol=17 When I logon to KDE, KDE hangs sometimes for 3sec at the login-process , when there is no internet connection (DSL modem did not dial-in yet). Thanks for your help! Best regards, Bernhard	[Impact] AppArmor denials appear in dhclient when using using HWE kernel on 14.04. This can result in incorrect dhcp operation on client systems. The fix is to add these rules: network inet dgram, network inet6 dgram, to the dhclient profile for nm-dhcp-client.action and dhclient-script, like we did in 4.2.4-7ubuntu14. [Test Case] Install HWE kernel and use network manager to obtain an IP address. [Regression Potential] Extremely low since the update only adds access that dhclient didn't have. Original description: Hallo, on Kubuntu 14.04.x dmesg shows me the following apparmor messages; Is this normal or is this a security issue together with network-manager? [ 16.171766] audit: type=1400 audit(1422595680.679:68): apparmor="DENIED" operation="file_inherit" profile="/usr/lib/NetworkManager/nm-dhcp-client.action" pid=2229 comm="nm-dhcp-client." lport=10320 family="inet" sock_type="dgram" protocol=17 [ 16.171772] audit: type=1400 audit(1422595680.679:69): apparmor="DENIED" operation="file_inherit" profile="/usr/lib/NetworkManager/nm-dhcp-client.action" pid=2229 comm="nm-dhcp-client." lport=21985 family="inet6" sock_type="dgram" protocol=17 [ 16.199936] audit: type=1400 audit(1422595680.707:70): apparmor="DENIED" operation="file_inherit" profile="/usr/lib/NetworkManager/nm-dhcp-client.action" pid=2246 comm="nm-dhcp-client." lport=10320 family="inet" sock_type="dgram" protocol=17 [ 16.199943] audit: type=1400 audit(1422595680.707:71): apparmor="DENIED" operation="file_inherit" profile="/usr/lib/NetworkManager/nm-dhcp-client.action" pid=2246 comm="nm-dhcp-client." lport=21985 family="inet6" sock_type="dgram" protocol=17 [ 16.201369] audit: type=1400 audit(1422595680.707:72): apparmor="DENIED" operation="file_inherit" profile="/usr/lib/NetworkManager/nm-dhcp-client.action" pid=2248 comm="nm-dhcp-client." lport=10320 family="inet" sock_type="dgram" protocol=17 [ 16.201379] audit: type=1400 audit(1422595680.707:73): apparmor="DENIED" operation="file_inherit" profile="/usr/lib/NetworkManager/nm-dhcp-client.action" pid=2248 comm="nm-dhcp-client." lport=21985 family="inet6" sock_type="dgram" protocol=17 [ 17.206342] audit: type=1400 audit(1422595681.711:74): apparmor="DENIED" operation="file_inherit" profile="/usr/lib/NetworkManager/nm-dhcp-client.action" pid=2468 comm="nm-dhcp-client." lport=10320 family="inet" sock_type="dgram" protocol=17 [ 17.206349] audit: type=1400 audit(1422595681.711:75): apparmor="DENIED" operation="file_inherit" profile="/usr/lib/NetworkManager/nm-dhcp-client.action" pid=2468 comm="nm-dhcp-client." lport=21985 family="inet6" sock_type="dgram" protocol=17 When I logon to KDE, KDE hangs sometimes for 3sec at the login-process , when there is no internet connection (DSL modem did not dial-in yet). Thanks for your help! Best regards, Bernhard
2015-03-30 17:57:33	Jamie Strandboge	isc-dhcp (Ubuntu Trusty): assignee	Jamie Strandboge (jdstrand)
2015-04-01 18:16:34	Chris J Arges	isc-dhcp (Ubuntu Trusty): status	In Progress	Fix Committed
2015-04-01 18:16:38	Chris J Arges	bug			added subscriber SRU Verification
2015-04-01 18:16:40	Chris J Arges	tags	14.04 apparmor networkmanager trusty	14.04 apparmor networkmanager trusty verification-needed
2015-04-01 21:49:23	stargazer	tags	14.04 apparmor networkmanager trusty verification-needed	14.04 apparmor networkmanager trusty verification-done
2015-04-07 22:27:18	Adam Carlin	bug			added subscriber Adam Carlin
2015-04-15 20:07:09	Launchpad Janitor	isc-dhcp (Ubuntu Trusty): status	Fix Committed	Fix Released
2015-04-15 20:07:15	Chris J Arges	removed subscriber Ubuntu Stable Release Updates Team

Ubuntuisc-dhcp package

Activity log for bug #1417658

Ubuntu
isc-dhcp package