Comment 4 for bug 1417658

alp (atoker) wrote : Re: apparmor denied operation file_inherit from networkmanager

This issue causes incomplete DHCP configuration to assign a stale IP that may already be leased to another device on the network.

The fix is to backport the AppArmor profile updates from https://launchpad.net/ubuntu/+source/isc-dhcp/4.2.4-7ubuntu14

diff -pruN 4.2.4-7ubuntu13/debian/apparmor-profile.dhclient 4.2.4-7ubuntu14/debian/apparmor-profile.dhclient
--- 4.2.4-7ubuntu13/debian/apparmor-profile.dhclient 2014-06-25 12:05:29.000000000 +0000
+++ 4.2.4-7ubuntu14/debian/apparmor-profile.dhclient 2014-08-27 14:01:23.000000000 +0000
@@ -74,11 +74,15 @@
   /var/lib/NetworkManager/*lease r,
   signal (receive) peer=/usr/sbin/NetworkManager,
   ptrace (readby) peer=/usr/sbin/NetworkManager,
+ network inet dgram,
+ network inet6 dgram,
 }

 /usr/lib/connman/scripts/dhclient-script {
   #include <abstractions/base>
   #include <abstractions/dbus>
   /usr/lib/connman/scripts/dhclient-script mr,
+ network inet dgram,
+ network inet6 dgram,
 }

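Review bot: the added `network inet dgram,` and `network inet6 dgram,` lines in both child profile blocks (the one closing at the first `}` and `/usr/lib/connman/scripts/dhclient-script`) carry no comment explaining why these profiles need datagram socket access. As written, the rules allow any IPv4 and IPv6 datagram socket use by the confined process, while the changelog says they exist only for file_inherit, so a later reader of the profile cannot tell that the grant is meant for sockets inherited from dhclient. Suggest a one-line comment above each pair, for example `# inet{,6} dgram sockets inherited from dhclient`, so the rules are not widened or copied into other profiles by mistake.
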
diff -pruN 4.2.4-7ubuntu13/debian/changelog 4.2.4-7ubuntu14/debian/changelog
--- 4.2.4-7ubuntu13/debian/changelog 2014-06-25 12:31:57.000000000 +0000
+++ 4.2.4-7ubuntu14/debian/changelog 2014-08-27 14:04:04.000000000 +0000
@@ -1,3 +1,10 @@
+isc-dhcp (4.2.4-7ubuntu14) utopic; urgency=medium
+
+ * debian/apparmor-profile.dhclient: add file_inherit inet{,6} dgram rules
+ for child profiles
+
+ -- Jamie Strandboge <email address hidden> Wed, 27 Aug 2014 09:01:46 -0500
+
 isc-dhcp (4.2.4-7ubuntu13) utopic; urgency=medium

   * apparmor-profile.dhclient: allow signal receive and ptrace readby by
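
Review bot: the new changelog entry for 4.2.4-7ubuntu14 names no bug number, so the upload cannot be traced back to the denial it fixes; for the backport proposed here, add the bug reference to the entry. The wording "file_inherit inet{,6} dgram rules" is also loose: the profile lines are plain `network inet dgram,` and `network inet6 dgram,` rules, and file_inherit is the denied operation they address, so the entry would read more accurately as allowing inet{,6} dgram in the child profiles to fix file_inherit denials.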