dnsmasq needs access to /var/lib/neutron/dhcp/* as nobody

Bug #1873438 reported by Albert Damen on 2020-04-17
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
neutron (Ubuntu)
High
James Page

Bug Description

After bug 1866187 "dnsmasq needs access to /var/lib/neutron/dhcp" was fixed we now got a new error:

/var/lib/neutron/dhcp/<guid> is not accessible.

due to: find /var/lib/neutron -type f -exec chmod 0640 "{}" + -o -type d -exec chmod 0750 "{}" +

Apr 17 10:57:16 network dnsmasq[11259]: failed to load names from /var/lib/neutron/dhcp/493a63a2-8110-4d88-a3cd-49f6643b670c/addn_h>
Apr 17 10:57:16 network dnsmasq[11259]: cannot read /var/lib/neutron/dhcp/493a63a2-8110-4d88-a3cd-49f6643b670c/host: Permission den>
Apr 17 10:57:16 network dnsmasq[11259]: cannot read /var/lib/neutron/dhcp/493a63a2-8110-4d88-a3cd-49f6643b670c/opts: Permission den>

where dnsmasq is running as user nobody.

and now
~$ ls -la /var/lib/neutron/dhcp/
total 16
drwxr-xr-x 4 neutron neutron 4096 Apr 17 09:09 .
drwxr-xr-x 8 neutron neutron 4096 Apr 17 09:27 ..
drwxr-x--- 2 neutron neutron 4096 Apr 17 10:57 493a63a2-8110-4d88-a3cd-49f6643b670c
drwxr-x--- 2 neutron neutron 4096 Apr 17 10:57 78adc3ed-9e9c-47f7-83a2-315277a5be53

chmod 751 on both directories solves the issue.

neutron-common:
  Installed: 2:16.0.0~b3~git2020041516.5f42488a9a-0ubuntu1

Albert Damen (albrt) on 2020-04-17
description: updated
James Page (james-page) wrote :

Earlier fix would have resolved new installation issues, but would break on package upgrades.

Changed in neutron (Ubuntu):
importance: Undecided → High
assignee: nobody → James Page (james-page)
status: New → In Progress
summary: - dnsmasq needs access to /var/lib/neutron/dhcp/*
+ dnsmasq needs access to /var/lib/neutron/dhcp/* as nobody
James Page (james-page) wrote :

Fix uploaded which will ensure all files and subdirectories under /var/lib/neutron/dhcp are readable by the default dnsmasq process owner, nobody.

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package neutron - 2:16.0.0~b3~git2020041516.5f42488a9a-0ubuntu2

---------------
neutron (2:16.0.0~b3~git2020041516.5f42488a9a-0ubuntu2) focal; urgency=medium

  * d/neutron-common.postinst: Ensure subdirectories and files under
    /var/lib/neutron/dhcp are readable by the nobody user which is used
    by dnsmasq (LP: #1873438).

 -- James Page <email address hidden> Fri, 17 Apr 2020 12:27:46 +0100

Changed in neutron (Ubuntu):
status: In Progress → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers