[BLUEFIELD] dmesg is flooded with apparmor="DENIED" for dhclient messages
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
isc-dhcp (Ubuntu) |
New
|
Undecided
|
Unassigned |
Bug Description
Ubuntu 20.04.3
Kernel: 5.4.0-1028-
ii isc-dhcp-client 4.4.1-2.
ii isc-dhcp-common 4.4.1-2.
ii apparmor 2.13.3-7ubuntu5.1 arm64 user-space parser utility for AppArmor
ii libapparmor1:arm64 2.13.3-7ubuntu5.1 arm64 changehat AppArmor library
ii network-manager 1.22.10-1ubuntu2.3 arm64 network management framework (daemon and userspace tools)
Configuration:
--------------
# cat /etc/netplan/
# This file is generated from information provided by the datasource. Changes
# to it will not persist across an instance reboot. To disable cloud-init's
# network configuration capabilities, write a file
# /etc/cloud/
# network: {config: disabled}
network:
ethernets:
oob_net0:
dhcp4: true
- 192.168.100.2/30
dhcp4: false
- 192.168.100.1
routes:
- metric: 1025
to: 0.0.0.0/0
renderer: NetworkManager
version: 2
Dmesg:
-----
[59685.099760] audit: type=1400 audit(164519328
[59685.148687] audit: type=1400 audit(164519328
[59926.641500] audit: type=1400 audit(164519352
[59926.641685] audit: type=1400 audit(164519352
[59926.641776] audit: type=1400 audit(164519352
[59931.623506] audit: type=1400 audit(164519353
[59931.623665] audit: type=1400 audit(164519353
[59931.623758] audit: type=1400 audit(164519353
[60030.017642] audit: type=1400 audit(164519363
[60030.017810] audit: type=1400 audit(164519363
[60030.017907] audit: type=1400 audit(164519363
[60030.073115] audit: type=1400 audit(164519363
Note that the /proc/XXXXXX/ task/YYYYYY/ comm denials are addressed in LP: #1918410.
That leaves two of this sort:
audit: type=1400 audit(164519328 6.560:2012) : apparmor="DENIED" operation="mknod" profile= "/{,usr/ }sbin/dhclient" name="/ run/NetworkMana ger/dhclient- oob_net0. pid" pid=103303 comm="dhclient" requested_mask="c" denied_mask="c" fsuid=0 ouid=0