isc-dhcp-server doesn't work in ipv6 mode

Bug #787212 reported by garo on 2011-05-23
20
This bug affects 2 people
Affects Status Importance Assigned to Milestone
isc-dhcp (Ubuntu)
Medium
Brian Murray
Natty
Medium
Brian Murray

Bug Description

Binary package hint: isc-dhcp-server

(isc-dhcp-server 4.1.1-P1-15ubuntu9 on Ubuntu server 11.04)
It's impossible to run dhcpd with the -6 flag with the current apparmor config in the isc-dhcp-server package. I added a patch that fixes this problem, apply with "cd / ; patch -p1 < dhcpv6support.patch".

TEST CASE:
1) Copy /etc/init.d/isc-dhcp-server to /etc/init.d/isc-dhcp-server6
2) Copy /etc/dhcp/dhcpd.conf to /etc/dhcp/dhcpd6.conf
3) Apply the patch from http://paste.ubuntu.com/706208/ to isc-dhcp-server6
4) Run: update-rc.d isc-dhcp-server6 defaults
5) Edit /etc/dhcp/dhcpd6.conf to look like:
---
authoritative;
option dhcp6.name-servers 2001:470:20::2;
option dhcp6.domain-search "ubuntu.com", "stgraber.net";

# testv6-dhcpv6
subnet6 2001:470:8cc0:9002::/64 {
    range6 2001:470:8cc0:9002::128 2001:470:8cc0:9002::254;
}
---
6) create an ipv6 address on the same network 'ip -6 addr add 2001:470:8cc0:9002:127/64 dev eth0'
7) /etc/init.d/isc-dhcp-server6 start

This will fail with isc-dhcp-server version 4.1.1-P1-15ubuntu9.1 installed and apparmor.
You will see something like the following in syslog - apparmor="DENIED" .. profile="/usr/sbin/dhcpd"

With the -proposed version isc-dhcp-server and isc-dhcp-common step 6 will start okay.

Related branches

garo (nikolas) wrote :
garo (nikolas) wrote :

I also added a second file that can be placed in /etc/init.d/ as 2nd init script to launch the server in v6 mode (if you run "diff /etc/init.d/isc-dhcp*-server" you will see that it's very similar to the init script to launch the server in regular dhcp mode.

This init-file is only optional, it is not needed to fix the bug. (but it would be nice to include it even if you don't place it in any runlevels)

A default /etc/dhcp/dhcpd6.conf is maybe also a good idea (also not needed to fix the bug).

tags: added: patch
Changed in isc-dhcp (Ubuntu):
status: New → In Progress
importance: Undecided → Medium
assignee: nobody → Brian Murray (brian-murray)
tags: added: ipv6
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package isc-dhcp - 4.1.1-P1-17ubuntu2

---------------
isc-dhcp (4.1.1-P1-17ubuntu2) oneiric; urgency=low

  * debian/apparmor-profile.dhcpd: modify AppArmor profile for DHCP server to
    work with IPv6 thanks to Launchpad user nikolas for the patch. LP: #787212
 -- Brian Murray <email address hidden> Fri, 03 Jun 2011 13:55:44 -0700

Changed in isc-dhcp (Ubuntu):
status: In Progress → Fix Released
Guy Taylor (thebiggerguy) wrote :

Would it be sensible to backport this to natty? I hand edited the patch into a natty server and it worked.

Changed in isc-dhcp (Ubuntu Natty):
status: New → In Progress
assignee: nobody → Brian Murray (brian-murray)
importance: Undecided → Medium
Brian Murray (brian-murray) wrote :

I've created a debdiff for Natty (attached) that includes the patch from Oneiric. However, I'm not quite certain how to test it. Guy - could you add a test case to the bug description? Thanks in advance.

Stéphane Graber (stgraber) wrote :

Here's how to test it:
 - Copy /etc/init.d/isc-dhcp-server to /etc/init.d/isc-dhcp-server6
 - Apply the patch from http://paste.ubuntu.com/706208/ to isc-dhcp-server6
 - Run: update-rc.d isc-dhcp-server6 defaults
 - Edit /etc/dhcp/dhcpd6.conf to look like:
---
authoritative;
option dhcp6.name-servers 2001:470:20::2;
option dhcp6.domain-search "ubuntu.com", "stgraber.net";

# testv6-dhcpv6
subnet6 2001:470:8cc0:9002::/64 {
    range6 2001:470:8cc0:9002::128 2001:470:8cc0:9002::254;
}
---
 - /etc/init.d/isc-dhcp-server6 start

description: updated
description: updated

Hello garo, or anyone else affected,

Accepted isc-dhcp into natty-proposed, the package will build now and be available in a few hours. Please test and give feedback here. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you in advance!

Changed in isc-dhcp (Ubuntu Natty):
status: In Progress → Fix Committed
tags: added: verification-needed
Changed in isc-dhcp (Ubuntu Natty):
status: Fix Committed → Won't Fix
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Duplicates of this bug

Other bug subscribers