Admitting I know very little about apparmor, here is the profile that worked
for me:
# cat /etc/apparmor.d/usr.sbin.dhcpd
# vim:syntax=apparmor
#include <tunables/global>
/usr/sbin/dhcpd {
#include <abstractions/base>
#include <abstractions/nameservice>
capability chown,
capability dac_override,
capability net_bind_service,
capability net_raw,
capability setgid,
capability setuid,
capability sys_chroot,
network inet raw,
network packet raw,
/etc/dhcp/dhcpd.conf r,
/etc/dhcp/dhcpd6.conf r,
/etc/bind/* r,
/etc/hosts.allow r,
/etc/hosts.deny r,
@{PROC}/net/dev r,
/usr/sbin/dhcpd rmix,
/var/lib/dhcp/dhcpd.leases* rwl,
/var/lib/dhcp/dhcpd6.leases* rwl,
/{,var/}run/dhcp-server/dhcpd.pid wl,
}
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1901373
Title:
isc-dhcp-server AppArmor Denied on
/proc/sys/net/ipv4/ip_local_port_range
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/isc-dhcp/+bug/1901373/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
