No, not fixed. Comment #15 is an example of the problem still. It's 5
years later. Infiniband IPoIB causes this same problem even with the
"fix". 'rmmod ib_ipoib' allows dhcp to start. Having the module loaded
and the interface configured prevents dhcpd from starting due to
apparmor.
--
You recei
Marking as Fix Released based on comment #11. If other people are still
seeing this, please file a new bug. Thanks
** Changed in: apparmor (Ubuntu)
Status: Confirmed => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubunt
I've just hit this
[518820.279862] type=1400 audit(1392708646.017:161): apparmor="DENIED"
operation="create" parent=1 profile="/usr/sbin/dhcpd" pid=26521
comm="dhcpd" family="packet" sock_type="dgram" protocol=8
It started when I added a config stanza for a subnet that is on ib1 and
restarted d
Update:
If I have this only:
network inet raw,
network packet packet,
network packet raw,
and REBOOT the server, not reload apparmor, it works. If I attempt to
reload or start isc-dhcp-server or apparmor, it fails with the
permission error. Rebooting the server shows the proper items in syslog.
W
I am running 12.04 LTS. I did all the updates today and isc-dhcp-server
would not work. I added all the suggested fixes in apparmor with no
luck. I had to disable apparmor and reboot the server for dhcp to work.
I have:
network inet raw,
network packet packet,
network packet raw,
network packet,
n
The problem also currently exists on Ubuntu 10.04 LTS
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1103043
Title:
AppArmor won't let DHCP server write to file
To manage notifications about this b
The latest package update on 12.10 seems to fix it.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1103043
Title:
AppArmor won't let DHCP server write to file
To manage notifications about this bug
The problem also currently exists on Ubuntu 12.10.
Adding "network packet raw" to /etc/apparmor.d/usr.sbin.dhcpd does resolve it.
** Changed in: apparmor (Ubuntu)
Status: Expired => Confirmed
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribe
[Expired for apparmor (Ubuntu) because there has been no activity for 60
days.]
** Changed in: apparmor (Ubuntu)
Status: Incomplete => Expired
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1103
Add
network packet raw,
or if you want a more generic broader rule you could change
network packet packet,
to
network packet,
which would cover all sockets in the packet address family
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to U
Are you suggesting that I change
network packet packet, to network packet raw,
Or just add network packet raw,
What I have now is:
network inet raw,
network packet packet,
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
htt
I can't tell you how to fix the logging, as I am not even sure where the
failure is yet. It possible the kernel is cutting the message off, or
possibly the logging daemon.
However the message is enough for me to recognize the failure as a rule
missing for the socket af packet. I don't have full i
How would you change the log file to get the whole error? That is all
the file contains.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1103043
Title:
AppArmor won't let DHCP server write to file
T
Hi,
Sorry for the troubles. It looks like the dhcp profile needs to be
extended to take into account LPF. Unfortunately, the rejection line in
the description has been truncated '[..] family="pa$'; until we can see
the complete rejection entry, it'll be hard to suggest how to modify the
profile.
I had to remove it from starting. But my system is running just fine. If
someone would post a change to AppAmor setting for the dhcp server then
you could restart it.
to stop it just:
sudo /etc/init.d/apparmor stop
sudo update-rc.d -f apparmor remove
when the upgrade gets made you can restart it.
Suffering from this as well, disabling apparmor didnt help either...
just started this morning...
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1103043
Title:
AppArmor won't let DHCP server write t
16 matches
Mail list logo