Missing read access in apparmor profile for /proc/net/dev
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
isc-dhcp (Ubuntu) | New | Undecided | Unassigned |
Bug Description
I upgraded to isc-dhcp-server 4.1.1 and found the server wouldn't start. Tracked it down to missing read permissions in the shipped apparmor profile. After strace-ing, added the following quick change and restarted apparmor to allow access to /proc/{pid}/net/dev so dhcpd can read the network devices list. This may be specifically related to running on maverick and perhaps belongs in a backport.
$ diff -u /etc/apparmor.
--- /etc/apparmor.
+++ /etc/apparmor.
@@ -51,4 +51,5 @@
# Site-specific additions and overrides. See local/README for details.
#include <local/
+ /proc/** r,
}
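Review bot: The added `/proc/** r,` rule grants dhcpd read access to every file under /proc, which is far wider than the single file the description says it needs (/proc/{pid}/net/dev, or /proc/net/dev per the title). Narrow it to the path that strace showed being denied, for example `/proc/[0-9]*/net/dev r,` and, if needed, `/proc/net/dev r,`, so the profile keeps confining access to other processes' /proc entries. The line is also placed after the `#include <local/` line, whose comment points to local/ for site-specific additions. As a local workaround it belongs in that included file, and as a packaging fix it belongs in the main rule list above the comment.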
ProblemType: Bug
DistroRelease: Ubuntu 10.10
Package: isc-dhcp-server 4.1.1-P1-11ubuntu1
ProcVersionSign
Uname: Linux 2.6.35-22-generic x86_64
NonfreeKernelMo
Architecture: amd64
Date: Tue Nov 23 00:43:17 2010
ProcEnviron:
PATH=(custom, user)
SHELL=/bin/bash
SourcePackage: isc-dhcp