Public bug reported: Dear Sir or Madam,
during installation of kea-2.4 (kea-dhcp4, kea-dhcp6 and kea-ctrl-agent) some profiles for apparmor are installed/created as well. Unfortunately these profiles prevent kea services to start when for example MySQL as backend is configured. Config snippet from kea-dhcp4.conf: "hosts-database": { "type": "mysql", "name": "kea", "user": "kea", "password": "password", "host": "", "port": 3306 }, Error message from kea-dhcp4-server: ERROR [kea-dhcp4.dhcp4.125444634970560] DHCP4_CONFIG_LOAD_FAIL configuration error using file: /etc/kea/kea-dhcp4.conf, reason: Unable to open database: Can't connect to local MySQL server through socket '/var/run/mysqld/mysqld.sock' (13) ERROR [kea-dhcp4.dhcp4.125444634970560] DHCP4_INIT_FAIL failed to initialize Kea server: configuration error using file '/etc/kea/kea-dhcp4.conf': Unable to open database: Can't connect to local MySQL server through socket '/var/run/mysqld/mysqld.sock' (13) Message from dmesg: [ 685.201719] audit: type=1400 audit(1714811351.219:113): apparmor="DENIED" operation="connect" class="file" info="Failed name lookup - disconnected path" error=-13 profile="kea-dhcp4" name="run/mysqld/mysqld.sock" pid=2887 comm="kea-dhcp4" requested_mask="wr" denied_mask="wr" fsuid=111 ouid=110 As you can see, kea can't connect to mysql through the socket, since apparmor is preventing it. There is a similar issue with using the kea-ctrl-agent with the other services. In your installed apparmor profiles you specifically allow the socket /run/kea/kea4-ctrl-socket profile snippet: # Control sockets # Before LP: #1863100, these were in /tmp. For compatibility, let's keep both # locations owner /{tmp,run/kea}/kea4-ctrl-socket w, owner /{tmp,run/kea}/kea4-ctrl-socket.lock rwk, Naming it anything else prevents the server to start as well. It's really time-consuming and nerve racking to debug this, since the issue with apparmor is not directly apparently. ProblemType: Bug DistroRelease: Ubuntu 24.04 Package: kea-dhcp4-server 2.4.1-3build3 ProcVersionSignature: Ubuntu 6.8.0-31.31-generic 6.8.1 Uname: Linux 6.8.0-31-generic x86_64 ApportVersion: 2.28.1-0ubuntu2 Architecture: amd64 CasperMD5CheckResult: unknown Date: Sat May 4 10:33:20 2024 ProcEnviron: LANG=en_US.UTF-8 PATH=(custom, no user) SHELL=/bin/bash TERM=xterm-256color XDG_RUNTIME_DIR=<set> SourcePackage: isc-kea UpgradeStatus: No upgrade log present (probably fresh install) modified.conffile..etc.kea.kea-dhcp4.conf: [modified] mtime.conffile..etc.kea.kea-dhcp4.conf: 2024-05-04T10:28:43.848349 ** Affects: isc-kea (Ubuntu) Importance: Undecided Status: New ** Tags: amd64 apport-bug noble -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2064791 Title: apparmor prevents kea launch To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/isc-kea/+bug/2064791/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs