The problem is how dhcpd's implements privilege seperation. It doesn't
work well with AppArmor and kernel (hard)link protection.
dhcpd expects to be able to write the leases file and create new files in
/var/lib/dhcp when rotating the leases file hourly.
As dhcpd is run as user dhcpd, the directory and the files there belonged to
dhcpd:dhcpd in the past till it caused a problem with AppArmor (see bug
#1028526). As a fix for this the directory and the files belong now root:root
and dhcpd can start but not rotate the leases file as user dhcpd anymore
(current bug).
Trying to just set dhcpd as owner for /var/lib/dhcp doesn't work as then
the kernel hardlink protection triggers when dhcpd tries to hardlink
dhcpd.leases (owned by root) to dhcpd.leases~ when rotating the leases
file as user dhcpd. Setting dhcpd as the owner of the leases file too,
doesn't work either [1] as we are then back where we started.
1: It doesn't work when it belongs dhcpd:dhcpd when the dhcpd get
started, but it works when the leases file belongs root when dhcpd gets
started and *after* dhcpd got started chowned manually back to dhcpd.
The proper fix is to have dhcpd open the leases file as user dhcpd during start
and not root and having /var/lib/dhcp/ and the leases file belong to
dhcpd:dhcpd.
** Changed in: isc-dhcp (Ubuntu)
Status: Confirmed => Triaged
** Changed in: isc-dhcp (Ubuntu)
Assignee: (unassigned) => Michael Bienia (geser)
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1186662
Title:
isc-dhcp-server fails to renew lease file
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/isc-dhcp/+bug/1186662/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
