[Touch-packages] [Bug 2083017] Re: network-manager changed path to nm-dhcp-helper, apparmor need update

Skia Thu, 03 Apr 2025 01:46:17 -0700

** Also affects: apparmor (Ubuntu)
   Importance: Undecided
       Status: New


** Changed in: apparmor (Ubuntu)
       Status: New => Confirmed

** Changed in: isc-dhcp (Ubuntu)
       Status: Confirmed => Invalid

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/2083017

Title:
  network-manager changed path to nm-dhcp-helper, apparmor need update

Status in apparmor package in Ubuntu:
  Confirmed
Status in isc-dhcp package in Ubuntu:
  Invalid

Bug description:
  From the Debian Bug report logs - #1055067
  isc-dhcp-client: network-manager 1.44.2-3 changed path to nm-dhcp-helper, 
apparmor need update

  https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1055067

  The problem causes the DHCP fail to receive the IP with this error in
  the dmesg command:

  [ 1037.911083] audit: type=1400 audit(1727430402.572:1355):
  apparmor="DENIED" operation="exec" class="file"
  profile="/{,usr/}sbin/dhclient" name="/usr/libexec/nm-dhcp-helper"
  pid=6763 comm="dhclient" requested_mask="x" denied_mask="x" fsuid=0
  ouid=0

  The /etc/apparmor.d/sbin.dhclient file needs to be updated to include
  the /usr/libexec/nm-dhcp-helper (instead of
  /usr/lib/NetworkManager/nm-dhcp-helper). Just in case, to solve it, I
  duplicated the definitions for the NetworkManager/nm-dhcp-helper.

  FILE: /etc/apparmor.d/sbin.dhclient

  ....
    # Support the new executable helper from NetworkManager.
    /usr/lib/NetworkManager/nm-dhcp-helper          Pxrm,
    signal (receive) peer=/usr/lib/NetworkManager/nm-dhcp-helper,
    /usr/libexec/nm-dhcp-helper          Pxrm,
    signal (receive) peer=/usr/libexec/nm-dhcp-helper,
  ....
  /usr/lib/NetworkManager/nm-dhcp-helper {
    #include <abstractions/base>
    #include <abstractions/dbus>
    /usr/lib/NetworkManager/nm-dhcp-helper mr,

    /run/NetworkManager/private-dhcp rw,
    signal (send) peer=/sbin/dhclient,

    /var/lib/NetworkManager/*lease r,
    signal (receive) peer=/usr/sbin/NetworkManager,
    ptrace (readby) peer=/usr/sbin/NetworkManager,
    network inet dgram,
    network inet6 dgram,
  }

  /usr/libexec/nm-dhcp-helper {
    #include <abstractions/base>
    #include <abstractions/dbus>
    /usr/libexec/nm-dhcp-helper mr,

    /run/NetworkManager/private-dhcp rw,
    signal (send) peer=/sbin/dhclient,

    /var/lib/NetworkManager/*lease r,
    signal (receive) peer=/usr/sbin/NetworkManager,
    ptrace (readby) peer=/usr/sbin/NetworkManager,
    network inet dgram,
    network inet6 dgram,
  }
  ....

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/2083017/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to     : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 2083017] Re: network-manager changed path to nm-dhcp-helper, apparmor need update

Reply via email to