This bug is imho not fixed for my Ubuntu 14.04.2 LTS Server with this
current "fixed" version of isc-dhcp-server 4.2.4-7ubuntu12.1.
I assume the lease file can't be rotated because its owned by root.
# ls -la /var/lib/dhcp
total 24
5374571 drwxr-xr-x 2 root root 4096 Apr 19 14:54 .
5374092 drwxr-xr-x 92 root root 4096 Apr 4 17:31 ..
5374293 -rw-r--r-- 1 root root 6319 Apr 19 14:54 dhcpd.leases
5379328 -rw-r--r-- 1 root root 6319 Apr 19 14:53 dhcpd.leases~
It occours also after a restart of isc-dhcp-server.
The only quick solution for me was to add a "chown .." in the
/etc/init.d/isc-dhcp-server startscript (at the end of the start/stop/restart
sections, i.e. to prevent overwrites during process starts
restart | force-reload)
test_config
$0 stop
sleep 2
$0 start
if [ "$?" != "0" ]; then
exit 1
fi
chown dhcpd /var/lib/dhcp/*
;;
additional I changed "chown root:root" to "chown dhcpd:dhcpd" in the file:
/etc/init/isc-dhcp-server.conf
# Allow dhcp server to write lease and pid file as 'dhcpd' user
mkdir -p /var/run/dhcp-server
chown dhcpd:dhcpd /var/run/dhcp-server
# The leases files need to be root:root even when dropping privileges
[ -e /var/lib/dhcp/dhcpd.leases ] || touch /var/lib/dhcp/dhcpd.leases
#chown root:root /var/lib/dhcp /var/lib/dhcp/dhcpd.leases
chown dhcpd:dhcpd /var/lib/dhcp /var/lib/dhcp/dhcpd.leases
if [ -e /var/lib/dhcp/dhcpd.leases~ ]; then
#chown root:root /var/lib/dhcp/dhcpd.leases~
chown dhcpd:dhcpd /var/lib/dhcp/dhcpd.leases~
fi
The properties of the affected Ubuntu system (dhclient is disabled)
# dpkg -l |grep isc-dhcp-server
ii isc-dhcp-server 4.2.4-7ubuntu12.1 amd64 ISC DHCP server for automatic IP
address assignment
# uname -a
Linux gandalf 3.13.0-49-generic #83-Ubuntu SMP Fri Apr 10 20:11:33 UTC 2015
x86_64 x86_64 x86_64 GNU/Linux
# cat /etc/issue
Ubuntu 14.04.2 LTS \n \l
Apparmor config looks like
# grep leases /etc/apparmor.d/usr.sbin.dhcpd
/var/lib/dhcp/dhcpd{,6}.leases* lrw,
/etc/dhcpd{,6}.leases* lrw,
/{,var/}run/eucalyptus/net/*.leases* lrw,
# tail -f syslog
Apr 19 16:51:06 gandalf dhcpd: Wrote 24 leases to leases file.
Apr 19 16:51:06 gandalf dhcpd: Can't backup lease database
/var/lib/dhcp/dhcpd.leases to /var/lib/dhcp/dhcpd.leases~: Operation not
permitted
Apr 19 16:51:06 gandalf dhcpd: Added reverse map from 10.2.10.10.in-addr.arpa.
to lab-01.lab.foo.bar.
Apr 19 16:51:06 gandalf kernel: [14157.954888] audit_printk_skb: 57 callbacks
suppressed
Apr 19 16:51:06 gandalf kernel: [14157.954892] type=1702
audit(1429455066.150:174): op=linkat ppid=1 pid=2240 auid=4294967295 uid=121
gid=130 euid=121 suid=121 fsuid=121 egid=130 sgid=130 fsgid=130 tty=(none)
ses=4294967295 comm="dhcpd" exe="/usr/sbin/dhcpd" res=0
Apr 19 16:51:06 gandalf kernel: [14157.954899] type=1302
audit(1429455066.150:175): item=0 name="/var/lib/dhcp/dhcpd.leases"
inode=5375035 dev=08:01 mode=0100644 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL
# tail -f /var/log/kern.log
Apr 19 16:51:06 gandalf kernel: [14157.954892] type=1702
audit(1429455066.150:174): op=linkat ppid=1 pid=2240 auid=4294967295 uid=121
gid=130 euid=121 suid=121 fsuid=121 egid=130 sgid=130 fsgid=130 tty=(none)
ses=4294967295 comm="dhcpd" exe="/usr/sbin/dhcpd" res=0
Apr 19 16:51:06 gandalf kernel: [14157.954899] type=1302
audit(1429455066.150:175): item=0 name="/var/lib/dhcp/dhcpd.leases"
inode=5375035 dev=08:01 mode=0100644 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1417658
Title:
apparmor denied operation file_inherit from networkmanager when using
HWE kernel
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/isc-dhcp/+bug/1417658/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
