2015-02-03 16:51:24 |
stargazer |
bug |
|
|
added bug |
2015-02-03 16:51:50 |
stargazer |
tags |
|
14.04 apparmor manager network trusty |
|
2015-02-03 16:52:05 |
stargazer |
tags |
14.04 apparmor manager network trusty |
14.04 apparmor networkmanager trusty |
|
2015-02-23 09:46:52 |
Launchpad Janitor |
apparmor (Ubuntu): status |
New |
Confirmed |
|
2015-03-10 11:34:32 |
Chris Davies |
bug |
|
|
added subscriber Chris Davies |
2015-03-22 21:48:43 |
Ivan Frederiks |
bug |
|
|
added subscriber Ivan Frederiks |
2015-03-30 14:03:12 |
alp |
bug |
|
|
added subscriber Jamie Strandboge |
2015-03-30 14:16:02 |
alp |
bug task added |
|
isc-dhcp (Ubuntu) |
|
2015-03-30 15:43:25 |
Launchpad Janitor |
isc-dhcp (Ubuntu): status |
New |
Confirmed |
|
2015-03-30 17:18:13 |
Jamie Strandboge |
bug task deleted |
apparmor (Ubuntu) |
|
|
2015-03-30 17:18:24 |
Jamie Strandboge |
summary |
apparmor denied operation file_inherit from networkmanager |
apparmor denied operation file_inherit from networkmanager when using HWE kernel |
|
2015-03-30 17:18:37 |
Jamie Strandboge |
nominated for series |
|
Ubuntu Vivid |
|
2015-03-30 17:18:37 |
Jamie Strandboge |
bug task added |
|
isc-dhcp (Ubuntu Vivid) |
|
2015-03-30 17:18:37 |
Jamie Strandboge |
nominated for series |
|
Ubuntu Trusty |
|
2015-03-30 17:18:37 |
Jamie Strandboge |
bug task added |
|
isc-dhcp (Ubuntu Trusty) |
|
2015-03-30 17:18:43 |
Jamie Strandboge |
isc-dhcp (Ubuntu Vivid): status |
Confirmed |
Fix Released |
|
2015-03-30 17:18:50 |
Jamie Strandboge |
isc-dhcp (Ubuntu Trusty): status |
New |
Triaged |
|
2015-03-30 17:29:22 |
Jamie Strandboge |
isc-dhcp (Ubuntu Trusty): importance |
Undecided |
High |
|
2015-03-30 17:29:23 |
Jamie Strandboge |
isc-dhcp (Ubuntu Trusty): assignee |
|
Jamie Strandboge (jdstrand) |
|
2015-03-30 17:51:57 |
Jamie Strandboge |
description |
Hallo,
on Kubuntu 14.04.x dmesg shows me the following apparmor messages;
Is this normal or is this a security issue together with network-manager?
[ 16.171766] audit: type=1400 audit(1422595680.679:68): apparmor="DENIED" operation="file_inherit" profile="/usr/lib/NetworkManager/nm-dhcp-client.action" pid=2229 comm="nm-dhcp-client." lport=10320 family="inet" sock_type="dgram" protocol=17
[ 16.171772] audit: type=1400 audit(1422595680.679:69): apparmor="DENIED" operation="file_inherit" profile="/usr/lib/NetworkManager/nm-dhcp-client.action" pid=2229 comm="nm-dhcp-client." lport=21985 family="inet6" sock_type="dgram" protocol=17
[ 16.199936] audit: type=1400 audit(1422595680.707:70): apparmor="DENIED" operation="file_inherit" profile="/usr/lib/NetworkManager/nm-dhcp-client.action" pid=2246 comm="nm-dhcp-client." lport=10320 family="inet" sock_type="dgram" protocol=17
[ 16.199943] audit: type=1400 audit(1422595680.707:71): apparmor="DENIED" operation="file_inherit" profile="/usr/lib/NetworkManager/nm-dhcp-client.action" pid=2246 comm="nm-dhcp-client." lport=21985 family="inet6" sock_type="dgram" protocol=17
[ 16.201369] audit: type=1400 audit(1422595680.707:72): apparmor="DENIED" operation="file_inherit" profile="/usr/lib/NetworkManager/nm-dhcp-client.action" pid=2248 comm="nm-dhcp-client." lport=10320 family="inet" sock_type="dgram" protocol=17
[ 16.201379] audit: type=1400 audit(1422595680.707:73): apparmor="DENIED" operation="file_inherit" profile="/usr/lib/NetworkManager/nm-dhcp-client.action" pid=2248 comm="nm-dhcp-client." lport=21985 family="inet6" sock_type="dgram" protocol=17
[ 17.206342] audit: type=1400 audit(1422595681.711:74): apparmor="DENIED" operation="file_inherit" profile="/usr/lib/NetworkManager/nm-dhcp-client.action" pid=2468 comm="nm-dhcp-client." lport=10320 family="inet" sock_type="dgram" protocol=17
[ 17.206349] audit: type=1400 audit(1422595681.711:75): apparmor="DENIED" operation="file_inherit" profile="/usr/lib/NetworkManager/nm-dhcp-client.action" pid=2468 comm="nm-dhcp-client." lport=21985 family="inet6" sock_type="dgram" protocol=17
When I logon to KDE, KDE hangs sometimes for 3sec at the login-process , when there is no internet connection (DSL modem did not dial-in yet).
Thanks for your help!
Best regards, Bernhard |
[Impact]
AppArmor denials appear in dhclient when using using HWE kernel on 14.04. This can result in incorrect dhcp operation on client systems.
[Test Case]
Install HWE kernel and use network manager to obtain an IP address.
[Regression Potential]
Extremely low since the update only adds access that dhclient didn't have.
Original description:
Hallo,
on Kubuntu 14.04.x dmesg shows me the following apparmor messages;
Is this normal or is this a security issue together with network-manager?
[ 16.171766] audit: type=1400 audit(1422595680.679:68): apparmor="DENIED" operation="file_inherit" profile="/usr/lib/NetworkManager/nm-dhcp-client.action" pid=2229 comm="nm-dhcp-client." lport=10320 family="inet" sock_type="dgram" protocol=17
[ 16.171772] audit: type=1400 audit(1422595680.679:69): apparmor="DENIED" operation="file_inherit" profile="/usr/lib/NetworkManager/nm-dhcp-client.action" pid=2229 comm="nm-dhcp-client." lport=21985 family="inet6" sock_type="dgram" protocol=17
[ 16.199936] audit: type=1400 audit(1422595680.707:70): apparmor="DENIED" operation="file_inherit" profile="/usr/lib/NetworkManager/nm-dhcp-client.action" pid=2246 comm="nm-dhcp-client." lport=10320 family="inet" sock_type="dgram" protocol=17
[ 16.199943] audit: type=1400 audit(1422595680.707:71): apparmor="DENIED" operation="file_inherit" profile="/usr/lib/NetworkManager/nm-dhcp-client.action" pid=2246 comm="nm-dhcp-client." lport=21985 family="inet6" sock_type="dgram" protocol=17
[ 16.201369] audit: type=1400 audit(1422595680.707:72): apparmor="DENIED" operation="file_inherit" profile="/usr/lib/NetworkManager/nm-dhcp-client.action" pid=2248 comm="nm-dhcp-client." lport=10320 family="inet" sock_type="dgram" protocol=17
[ 16.201379] audit: type=1400 audit(1422595680.707:73): apparmor="DENIED" operation="file_inherit" profile="/usr/lib/NetworkManager/nm-dhcp-client.action" pid=2248 comm="nm-dhcp-client." lport=21985 family="inet6" sock_type="dgram" protocol=17
[ 17.206342] audit: type=1400 audit(1422595681.711:74): apparmor="DENIED" operation="file_inherit" profile="/usr/lib/NetworkManager/nm-dhcp-client.action" pid=2468 comm="nm-dhcp-client." lport=10320 family="inet" sock_type="dgram" protocol=17
[ 17.206349] audit: type=1400 audit(1422595681.711:75): apparmor="DENIED" operation="file_inherit" profile="/usr/lib/NetworkManager/nm-dhcp-client.action" pid=2468 comm="nm-dhcp-client." lport=21985 family="inet6" sock_type="dgram" protocol=17
When I logon to KDE, KDE hangs sometimes for 3sec at the login-process , when there is no internet connection (DSL modem did not dial-in yet).
Thanks for your help!
Best regards, Bernhard |
|
2015-03-30 17:52:19 |
Jamie Strandboge |
attachment added |
|
isc-dhcp_4.2.4-7ubuntu12.1.debdiff https://bugs.launchpad.net/ubuntu/+source/isc-dhcp/+bug/1417658/+attachment/4361241/+files/isc-dhcp_4.2.4-7ubuntu12.1.debdiff |
|
2015-03-30 17:52:51 |
Jamie Strandboge |
isc-dhcp (Ubuntu Trusty): status |
Triaged |
In Progress |
|
2015-03-30 17:54:07 |
Jamie Strandboge |
bug |
|
|
added subscriber Ubuntu Stable Release Updates Team |
2015-03-30 17:56:17 |
Jamie Strandboge |
description |
[Impact]
AppArmor denials appear in dhclient when using using HWE kernel on 14.04. This can result in incorrect dhcp operation on client systems.
[Test Case]
Install HWE kernel and use network manager to obtain an IP address.
[Regression Potential]
Extremely low since the update only adds access that dhclient didn't have.
Original description:
Hallo,
on Kubuntu 14.04.x dmesg shows me the following apparmor messages;
Is this normal or is this a security issue together with network-manager?
[ 16.171766] audit: type=1400 audit(1422595680.679:68): apparmor="DENIED" operation="file_inherit" profile="/usr/lib/NetworkManager/nm-dhcp-client.action" pid=2229 comm="nm-dhcp-client." lport=10320 family="inet" sock_type="dgram" protocol=17
[ 16.171772] audit: type=1400 audit(1422595680.679:69): apparmor="DENIED" operation="file_inherit" profile="/usr/lib/NetworkManager/nm-dhcp-client.action" pid=2229 comm="nm-dhcp-client." lport=21985 family="inet6" sock_type="dgram" protocol=17
[ 16.199936] audit: type=1400 audit(1422595680.707:70): apparmor="DENIED" operation="file_inherit" profile="/usr/lib/NetworkManager/nm-dhcp-client.action" pid=2246 comm="nm-dhcp-client." lport=10320 family="inet" sock_type="dgram" protocol=17
[ 16.199943] audit: type=1400 audit(1422595680.707:71): apparmor="DENIED" operation="file_inherit" profile="/usr/lib/NetworkManager/nm-dhcp-client.action" pid=2246 comm="nm-dhcp-client." lport=21985 family="inet6" sock_type="dgram" protocol=17
[ 16.201369] audit: type=1400 audit(1422595680.707:72): apparmor="DENIED" operation="file_inherit" profile="/usr/lib/NetworkManager/nm-dhcp-client.action" pid=2248 comm="nm-dhcp-client." lport=10320 family="inet" sock_type="dgram" protocol=17
[ 16.201379] audit: type=1400 audit(1422595680.707:73): apparmor="DENIED" operation="file_inherit" profile="/usr/lib/NetworkManager/nm-dhcp-client.action" pid=2248 comm="nm-dhcp-client." lport=21985 family="inet6" sock_type="dgram" protocol=17
[ 17.206342] audit: type=1400 audit(1422595681.711:74): apparmor="DENIED" operation="file_inherit" profile="/usr/lib/NetworkManager/nm-dhcp-client.action" pid=2468 comm="nm-dhcp-client." lport=10320 family="inet" sock_type="dgram" protocol=17
[ 17.206349] audit: type=1400 audit(1422595681.711:75): apparmor="DENIED" operation="file_inherit" profile="/usr/lib/NetworkManager/nm-dhcp-client.action" pid=2468 comm="nm-dhcp-client." lport=21985 family="inet6" sock_type="dgram" protocol=17
When I logon to KDE, KDE hangs sometimes for 3sec at the login-process , when there is no internet connection (DSL modem did not dial-in yet).
Thanks for your help!
Best regards, Bernhard |
[Impact]
AppArmor denials appear in dhclient when using using HWE kernel on 14.04. This can result in incorrect dhcp operation on client systems. The fix is to add these rules:
network inet dgram,
network inet6 dgram,
to the dhclient profile for nm-dhcp-client.action and dhclient-script, like we did in 4.2.4-7ubuntu14.
[Test Case]
Install HWE kernel and use network manager to obtain an IP address.
[Regression Potential]
Extremely low since the update only adds access that dhclient didn't have.
Original description:
Hallo,
on Kubuntu 14.04.x dmesg shows me the following apparmor messages;
Is this normal or is this a security issue together with network-manager?
[ 16.171766] audit: type=1400 audit(1422595680.679:68): apparmor="DENIED" operation="file_inherit" profile="/usr/lib/NetworkManager/nm-dhcp-client.action" pid=2229 comm="nm-dhcp-client." lport=10320 family="inet" sock_type="dgram" protocol=17
[ 16.171772] audit: type=1400 audit(1422595680.679:69): apparmor="DENIED" operation="file_inherit" profile="/usr/lib/NetworkManager/nm-dhcp-client.action" pid=2229 comm="nm-dhcp-client." lport=21985 family="inet6" sock_type="dgram" protocol=17
[ 16.199936] audit: type=1400 audit(1422595680.707:70): apparmor="DENIED" operation="file_inherit" profile="/usr/lib/NetworkManager/nm-dhcp-client.action" pid=2246 comm="nm-dhcp-client." lport=10320 family="inet" sock_type="dgram" protocol=17
[ 16.199943] audit: type=1400 audit(1422595680.707:71): apparmor="DENIED" operation="file_inherit" profile="/usr/lib/NetworkManager/nm-dhcp-client.action" pid=2246 comm="nm-dhcp-client." lport=21985 family="inet6" sock_type="dgram" protocol=17
[ 16.201369] audit: type=1400 audit(1422595680.707:72): apparmor="DENIED" operation="file_inherit" profile="/usr/lib/NetworkManager/nm-dhcp-client.action" pid=2248 comm="nm-dhcp-client." lport=10320 family="inet" sock_type="dgram" protocol=17
[ 16.201379] audit: type=1400 audit(1422595680.707:73): apparmor="DENIED" operation="file_inherit" profile="/usr/lib/NetworkManager/nm-dhcp-client.action" pid=2248 comm="nm-dhcp-client." lport=21985 family="inet6" sock_type="dgram" protocol=17
[ 17.206342] audit: type=1400 audit(1422595681.711:74): apparmor="DENIED" operation="file_inherit" profile="/usr/lib/NetworkManager/nm-dhcp-client.action" pid=2468 comm="nm-dhcp-client." lport=10320 family="inet" sock_type="dgram" protocol=17
[ 17.206349] audit: type=1400 audit(1422595681.711:75): apparmor="DENIED" operation="file_inherit" profile="/usr/lib/NetworkManager/nm-dhcp-client.action" pid=2468 comm="nm-dhcp-client." lport=21985 family="inet6" sock_type="dgram" protocol=17
When I logon to KDE, KDE hangs sometimes for 3sec at the login-process , when there is no internet connection (DSL modem did not dial-in yet).
Thanks for your help!
Best regards, Bernhard |
|
2015-03-30 17:57:33 |
Jamie Strandboge |
isc-dhcp (Ubuntu Trusty): assignee |
Jamie Strandboge (jdstrand) |
|
|
2015-04-01 18:16:34 |
Chris J Arges |
isc-dhcp (Ubuntu Trusty): status |
In Progress |
Fix Committed |
|
2015-04-01 18:16:38 |
Chris J Arges |
bug |
|
|
added subscriber SRU Verification |
2015-04-01 18:16:40 |
Chris J Arges |
tags |
14.04 apparmor networkmanager trusty |
14.04 apparmor networkmanager trusty verification-needed |
|
2015-04-01 21:49:23 |
stargazer |
tags |
14.04 apparmor networkmanager trusty verification-needed |
14.04 apparmor networkmanager trusty verification-done |
|
2015-04-07 22:27:18 |
Adam Carlin |
bug |
|
|
added subscriber Adam Carlin |
2015-04-15 20:07:09 |
Launchpad Janitor |
isc-dhcp (Ubuntu Trusty): status |
Fix Committed |
Fix Released |
|
2015-04-15 20:07:15 |
Chris J Arges |
removed subscriber Ubuntu Stable Release Updates Team |
|
|
|