Admitting I know very little about apparmor, here is the profile that worked for me: # cat /etc/apparmor.d/usr.sbin.dhcpd
# vim:syntax=apparmor
#include <tunables/global>
/usr/sbin/dhcpd { #include <abstractions/base> #include <abstractions/nameservice>
capability chown, capability dac_override, capability net_bind_service, capability net_raw, capability setgid, capability setuid, capability sys_chroot,
network inet raw, network packet raw,
/etc/dhcp/dhcpd.conf r, /etc/dhcp/dhcpd6.conf r, /etc/bind/* r, /etc/hosts.allow r, /etc/hosts.deny r, @{PROC}/net/dev r, /usr/sbin/dhcpd rmix, /var/lib/dhcp/dhcpd.leases* rwl, /var/lib/dhcp/dhcpd6.leases* rwl, /{,var/}run/dhcp-server/dhcpd.pid wl, }
Admitting I know very little about apparmor, here is the profile that worked for me: d/usr.sbin. dhcpd
# cat /etc/apparmor.
# vim:syntax=apparmor
#include <tunables/global>
/usr/sbin/dhcpd { nameservice>
#include <abstractions/base>
#include <abstractions/
capability chown,
capability dac_override,
capability net_bind_service,
capability net_raw,
capability setgid,
capability setuid,
capability sys_chroot,
network inet raw,
network packet raw,
/etc/ dhcp/dhcpd. conf r, dhcp/dhcpd6. conf r, lib/dhcp/ dhcpd.leases* rwl, lib/dhcp/ dhcpd6. leases* rwl, }run/dhcp- server/ dhcpd.pid wl,
/etc/
/etc/bind/* r,
/etc/hosts.allow r,
/etc/hosts.deny r,
@{PROC}/net/dev r,
/usr/sbin/dhcpd rmix,
/var/
/var/
/{,var/
}