Hi, On Thu, Mar 30, 2023 at 9:50 AM Markus Viitamäki <mar...@viitamaki.net> wrote: > > Wait a second.. > > It works for me now also, but the only thing I have changed is the changes > from your apparmor MR in #1033640. > I feel stupid now, but the problem seems to be fixed by the apparmor change.. > > lsof -Pni | grep -i kea > kea-dhcp4 21119 _kea 15u IPv4 1214014 0t0 UDP 172.XX.XX.5:67 > kea-dhcp6 22424 _kea 15u IPv6 1334939 0t0 UDP > [2a0e:XXXX:XXXX:XXXX::5]:547 > kea-dhcp6 22424 _kea 16u IPv6 1334941 0t0 UDP > [fe80::250:56ff:fe96:dfb3]:547 > kea-dhcp6 22424 _kea 17u IPv6 1334944 0t0 UDP [ff02::1:2]:547 > > It serves clients correctly now, so I am happy. But confused..
The apparmor change included a whole abstraction now, and not just a rule to allow a certain protocol, so one of these other rules might have done it. Or maybe you didn't spot the apparmor DENIED message before in the logs, or it was not shown due to throttling. Please keep an eye on it, as there are periodic jobs run by the servers (kea-lfc comes to mind), and the dhcp6 daemon wasn't as tested with apparmor as the dhcp4 one.