isc-dhcp-server AppArmor Denied on /proc/sys/net/ipv4/ip_local_port_range

Bug #1901373 reported by Steve Matos on 2020-10-25
10
This bug affects 2 people
Affects Status Importance Assigned to Milestone
isc-dhcp (Ubuntu)
Undecided
Unassigned

Bug Description

The following AppArmor denial errors are shown on startup:

Oct 25 00:52:00 xxx kernel: [ 556.231990] audit: type=1400 audit(1603601520.710:32): apparmor="DENIED" operation="open" profile="/usr/sbin/dhcpd" name="/proc/sys/net/ipv4/ip_local_port_range" pid=1982 comm="dhcpd" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
Oct 25 00:52:00 xxx kernel: [ 556.232257] audit: type=1400 audit(1603601520.710:33): apparmor="DENIED" operation="open" profile="/usr/sbin/dhcpd" name="/proc/sys/net/ipv4/ip_local_port_range" pid=1982 comm="dhcpd" requested_mask="r" denied_mask="r" fsuid=0 ouid=0

Fix is to edit /etc/apparmor.d/local/usr.sbin.dhcpd to have:
@{PROC}/sys/net/ipv4/ip_local_port_range r,

'lsb_release -rd':
Description: Ubuntu 20.04.1 LTS
Release: 20.04

isc-dhcp-server:
  Installed: 4.4.1-2.1ubuntu5
  Candidate: 4.4.1-2.1ubuntu5
  Version table:
 *** 4.4.1-2.1ubuntu5 500
        500 http://us.archive.ubuntu.com/ubuntu focal/main amd64 Packages
        100 /var/lib/dpkg/status

apparmor:
  Installed: 2.13.3-7ubuntu5.1
  Candidate: 2.13.3-7ubuntu5.1
  Version table:
 *** 2.13.3-7ubuntu5.1 500
        500 http://us.archive.ubuntu.com/ubuntu focal-updates/main amd64 Packages
        100 /var/lib/dpkg/status
     2.13.3-7ubuntu5 500
        500 http://us.archive.ubuntu.com/ubuntu focal/main amd64 Packages

Michael Albert (albertmichaelj) wrote :

I can confirm that I am seeing this same behavior. The proposed fix also worked for me.

Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in isc-dhcp (Ubuntu):
status: New → Confirmed
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers