The problem is how dhcpd implements privilege separation. It doesn't
work well with AppArmor and kernel (hard)link protection.

dhcpd expects to be able to write the leases file and create new files in 
/var/lib/dhcp when rotating the leases file hourly.
As dhcpd is run as user dhcpd, the directory and the files there belonged to 
dhcpd:dhcpd in the past until it caused a problem with AppArmor (see bug 
#1028526). As a fix for this, the directory and the files now belong to 
root:root, and dhcpd can start but can no longer rotate the leases file as 
user dhcpd (current bug).

Trying to just set dhcpd as owner for /var/lib/dhcp doesn't work, as then
the kernel hardlink protection triggers when dhcpd tries to hardlink
dhcpd.leases (owned by root) to dhcpd.leases~ when rotating the leases
file as user dhcpd. Setting dhcpd as the owner of the leases file too
doesn't work either [1], as we are then back where we started.

1: It doesn't work when it belongs to dhcpd:dhcpd when dhcpd gets
started, but it works when the leases file belongs to root when dhcpd gets
started and is chowned manually back to dhcpd *after* dhcpd got started.


The proper fix is to have dhcpd open the leases file as user dhcpd during start 
and not as root, and to have /var/lib/dhcp/ and the leases file belong to 
dhcpd:dhcpd.

** Changed in: isc-dhcp (Ubuntu)
       Status: Confirmed => Triaged

** Changed in: isc-dhcp (Ubuntu)
     Assignee: (unassigned) => Michael Bienia (geser)

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1186662

Title:
  isc-dhcp-server fails to renew lease file
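
The kernel hardlink restriction mentioned in the comment above, modelled as an added example (not code from the bug report, the kernel, or isc-dhcp): it mirrors the `fs.protected_hardlinks=1` check on the link source. The uid/gid 105 for dhcpd and the file modes are constructed sample values; ACLs, AppArmor and other LSM checks are not modelled.

```python
import stat

DHCPD = 105  # constructed uid/gid for the dhcpd account (assumption)


def has_rw(st_uid, st_gid, st_mode, uid, gids):
    """Classic owner/group/other test for read+write (no ACLs, no capabilities)."""
    if uid == st_uid:
        bits = (st_mode >> 6) & 7
    elif st_gid in gids:
        bits = (st_mode >> 3) & 7
    else:
        bits = st_mode & 7
    return (bits & 6) == 6


def hardlink_allowed(st_uid, st_gid, st_mode, uid, gids, cap_fowner=False):
    """Model of the protected_hardlinks rule applied to the file being linked."""
    if uid == st_uid or cap_fowner:
        return True   # caller owns the source file, or holds CAP_FOWNER
    if not stat.S_ISREG(st_mode):
        return False  # only regular files can be a "safe" source
    if st_mode & stat.S_ISUID:
        return False  # setuid files are never safe to link
    if (st_mode & stat.S_ISGID) and (st_mode & stat.S_IXGRP):
        return False  # setgid + group-executable is also refused
    # Otherwise the caller must already be able to read AND write the file.
    return has_rw(st_uid, st_gid, st_mode, uid, gids)


def lease_rotation_cases():
    """dhcpd (after dropping privileges) linking dhcpd.leases to dhcpd.leases~."""
    reg = stat.S_IFREG
    return {
        "root:root 0644 (current bug)":
            hardlink_allowed(0, 0, reg | 0o644, DHCPD, {DHCPD}),
        "dhcpd:dhcpd 0644 (proposed fix)":
            hardlink_allowed(DHCPD, DHCPD, reg | 0o644, DHCPD, {DHCPD}),
    }


if __name__ == "__main__":
    for label, ok in lease_rotation_cases().items():
        print(f"{label}: link {'allowed' if ok else 'denied (EPERM)'}")
```

An already-open file descriptor is unaffected by this check, which is why dhcpd can keep writing a root-owned leases file it opened before dropping privileges yet cannot hardlink it during rotation.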
