I came across this bug myself and decided to take a closer look. On trusty, as 
mentioned, we need the extra PARANOIA patch from 4.3.3. This will chown the 
lease file to dhcpd:dhcpd so that afterwards rotation works. I backported a 
very minimal patch for this. However, the upstart job needed to be adjusted to 
have this instead:
    ...
    # The leases files need to be root:dhcpd for dropping privileges
    [ -e /var/lib/dhcp/dhcpd.leases ] || touch /var/lib/dhcp/dhcpd.leases
    chown root:dhcpd /var/lib/dhcp /var/lib/dhcp/dhcpd.leases
    chmod 775 /var/lib/dhcp
    chmod 664 /var/lib/dhcp/dhcpd.leases
    ...

'capability chown' needs to be added to the apparmor profile. This
allows root to open the file in /var/lib/dhcp without capability
dac_override or capability fowner, allows the fchown of the lease file
to dhcpd:dhcpd, then allows the dhcpd user to manage the leases and
leases~ files. I have test packages in
https://launchpad.net/~ubuntu-security-proposed/+archive/ubuntu/ppa/+packages
if people want to try them out. If they work for affected users, I'll
pursue an SRU to trusty-updates.

I didn't look at xenial very closely, but it doesn't seem to need the
root:dhcpd setup. Upstream must have reordered priv dropping and the
fchown, etc for this to work. While it would be possible to backport
these changes to trusty, I prefer the minimal patch and change to the
upstart job in the ppa for a stable release update.

** Changed in: isc-dhcp (Ubuntu Trusty)
       Status: Confirmed => Triaged

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1186662

Title:
  isc-dhcp-server fails to renew lease file

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/isc-dhcp/+bug/1186662/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
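An added check script, not part of the bug report or of the isc-dhcp packaging, that verifies the root:dhcpd layout the upstart snippet above establishes: both the directory and the lease file must be owned by the expected user and group, carry the expected modes, and grant the group the write bit, since a privilege-dropped dhcpd rewrites dhcpd.leases in place and renames it to dhcpd.leases~ inside /var/lib/dhcp. The function name, its arguments and the defaults are assumptions for this example; it relies on GNU stat (as shipped on Ubuntu) and needs no root to run against a test directory.

```shell
#!/bin/sh
# Added example (not from the bug report): verify the permissions that let a
# privilege-dropped dhcpd rotate its lease file.
#
# check_lease_perms DIR FILE OWNER GROUP DIRMODE FILEMODE
# Defaults mirror the upstart snippet in the report:
#   /var/lib/dhcp  /var/lib/dhcp/dhcpd.leases  root  dhcpd  775  664
check_lease_perms() {
    dir=${1:-/var/lib/dhcp}
    file=${2:-$dir/dhcpd.leases}
    owner=${3:-root}
    group=${4:-dhcpd}
    dirmode=${5:-775}
    filemode=${6:-664}
    rc=0

    if [ ! -d "$dir" ]; then
        echo "FAIL: $dir is not a directory"
        return 1
    fi
    if [ ! -f "$file" ]; then
        echo "FAIL: $file does not exist (the job should touch it first)"
        return 1
    fi

    # GNU stat: %U owner name, %G group name, %a octal mode without leading 0.
    dir_ug=$(stat -c '%U:%G' "$dir")
    file_ug=$(stat -c '%U:%G' "$file")
    dir_m=$(stat -c '%a' "$dir")
    file_m=$(stat -c '%a' "$file")

    [ "$dir_ug" = "$owner:$group" ] || { echo "FAIL: $dir is $dir_ug, want $owner:$group"; rc=1; }
    [ "$file_ug" = "$owner:$group" ] || { echo "FAIL: $file is $file_ug, want $owner:$group"; rc=1; }
    [ "$dir_m" = "$dirmode" ] || { echo "FAIL: $dir mode $dir_m, want $dirmode"; rc=1; }
    [ "$file_m" = "$filemode" ] || { echo "FAIL: $file mode $file_m, want $filemode"; rc=1; }

    # Independently of the exact mode, the group write bit must be set on the
    # directory (rename to leases~ creates a new directory entry) and on the
    # file (dhcpd rewrites it in place after dropping to the dhcpd user).
    # The group digit is the second-to-last octal digit; this works for both
    # 3-digit and 4-digit (setgid/sticky) modes.
    for item in "$dir:$dir_m" "$file:$file_m"; do
        path=${item%:*}
        mode=${item##*:}
        last2=${mode#"${mode%??}"}
        gdigit=${last2%?}
        case $gdigit in
            2|3|6|7) ;;
            *) echo "FAIL: group has no write bit on $path (mode $mode)"; rc=1 ;;
        esac
    done

    [ "$rc" -eq 0 ] && echo "OK: $dir and $file are $owner:$group with modes $dirmode/$filemode"
    return "$rc"
}

# Run the check directly when invoked with arguments, e.g.
#   sh check_lease_perms.sh /var/lib/dhcp /var/lib/dhcp/dhcpd.leases root dhcpd 775 664
if [ "$#" -gt 0 ]; then
    check_lease_perms "$@"
fi
```

The function returns non-zero on the first layout it cannot accept, which makes it usable as a post-start health check or as a quick way to confirm the upstart job ran before dhcpd dropped privileges; if ownership is right but the group write bit is missing, the rotation to leases~ is exactly what fails.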
