Missing read access in apparmor profile for /proc/net/dev

Bug #680387 reported by Michael Milligan
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
isc-dhcp (Ubuntu) | New | Undecided | Unassigned |

Bug Description

I upgraded to isc-dhcp-server 4.1.1 and found the server wouldn't start. Tracked it down to missing read permissions in the shipped apparmor profile. After strace-ing, added the following quick change and restarted apparmor to allow access to /proc/{pid}/net/dev so dhcpd can read the network devices list. This may be specifically related to running on maverick and perhaps belongs in a backport.

$ diff -u /etc/apparmor.d/usr.bin.dhcpd.orig /etc/apparmor.d/usr.sbin.dhcpd
--- /etc/apparmor.d/usr.bin.dhcpd.orig 2010-11-22 14:50:43.046164752 -0700
+++ /etc/apparmor.d/usr.sbin.dhcpd 2010-11-22 15:47:03.678955705 -0700
@@ -51,4 +51,5 @@

   # Site-specific additions and overrides. See local/README for details.
   #include <local/usr.sbin.dhcpd>
+ /proc/** r,
 }
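
Review bot: the added rule `/proc/** r,` is far broader than the problem described. It lets dhcpd read everything under /proc that file permissions allow, including other processes' entries, while the report says only /proc/{pid}/net/dev is needed. Narrow it to that one file, for example `/proc/*/net/dev r,`. The line is also placed after `#include <local/usr.sbin.dhcpd>`, whose comment marks the local file as the place for site-specific additions: a local workaround belongs in that local file, and a fix to the shipped profile should sit with the profile's other rules above the include.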

ProblemType: Bug
DistroRelease: Ubuntu 10.10
Package: isc-dhcp-server 4.1.1-P1-11ubuntu1
ProcVersionSignature: Ubuntu 2.6.35-22.34~lucid1-generic 2.6.35.4
Uname: Linux 2.6.35-22-generic x86_64
NonfreeKernelModules: openafs nvidia wl
Architecture: amd64
Date: Tue Nov 23 00:43:17 2010
ProcEnviron:
 PATH=(custom, user)
 SHELL=/bin/bash
SourcePackage: isc-dhcp
