> Cloud-init users on these releases that wish to see no apparmour warnings
> might locally include this rule themselves via:
>
> echo " /bin/true Uxr," > /etc/apparmor.d/local/sbin.dhclient
Note for other users finding their way here via googling for error
messages: On jammy (22.04) at least, you will need to account for /bin
being a symlink to /usr/bin, and thus the line becomes (following the
standard brace syntax and also the ordering conventions in the default
apparmor profiles):
echo ' /{,usr/}bin/true Uxr,' > /etc/apparmor.d/local/sbin.dhclient
This will silence the execve warnings in 22.04.
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to isc-dhcp in Ubuntu.
https://bugs.launchpad.net/bugs/2011628
Title:
Apparmor Disallows Disabling Dhclient Scripts
Status in isc-dhcp package in Ubuntu:
Fix Released
Status in isc-dhcp source package in Focal:
New
Status in isc-dhcp source package in Jammy:
New
Status in isc-dhcp source package in Lunar:
New
Status in isc-dhcp package in Debian:
New
Bug description:
In some cases, it may be desirable to disable dhclient scripts. By
default /sbin/dhclient-script is used, and some others are allowed by
the apparmor profile.
Without Apparmor, disabling hook scripts can be accomplished with
flags -sf /bin/true, but with apparmor enabled this gets blocked:
execve (/bin/true, ...): Permission denied
Unfortunately dhclient doesn't appear to provide any other mechanism
for disabling hook scripts.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/isc-dhcp/+bug/2011628/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
