[Bug 776945] Re: Apparmor results in denying operation mknod for isc-dhcp-server

Adam Gandelman 776945 at bugs.launchpad.net
Wed Aug 24 18:01:02 UTC 2011 

The permission error is due to the fact that dhcpd is being started with
no arguments and attempting to create the .pid file in a directory it
does not have access to.   If instead, it is started as 'dhcpd -pf
/var/run/dhcp-server/dhcpd.pid' it will succeed in creating its pid file
and reading its default configuration /etc/dhcpd.conf (regardless of how
dhcpd.conf was generated).  The isc-dhcp-server init script takes care
of these details and ensures the daemon is being started with the
correct defaults (which also use /etc/dhcp/dhcpd.conf instead of
/etc/dhcpd.conf)

Furthermore, the location of the Cobbler generated dhcpd.conf appears to
not even be configurable anymore (since natty, at least). Instead,
cobbler contains logic to determine where to put this based on distro
and relies on distro supplied init scripts to the rest:

/usr/lib/python2.7/dist-packages/cobbler/utils.py:

def dhcpconf_location(api):
    version = api.os_version
    if version[0] in [ "redhat", "centos" ] and version[1] < 6:
        return "/etc/dhcpd.conf"
    elif version[0] in [ "fedora" ] and version[1] < 11:
        return "/etc/dhcpd.conf"
    else:
        return "/etc/dhcp/dhcpd.conf"


** Changed in: isc-dhcp (Ubuntu)
       Status: Confirmed => Invalid

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to isc-dhcp in Ubuntu.
https://bugs.launchpad.net/bugs/776945

Title:
  Apparmor results in denying operation mknod for isc-dhcp-server

Status in “isc-dhcp” package in Ubuntu:
  Invalid

Bug description:
  Binary package hint: isc-dhcp-server

  I have isc-dhcp-server installed , i have configured  the needed
  /etc/dhcpd.conf file but when i try to execute

  #dhcpd

  it results in 
  can`t create PID file /var/run/dhcpd.pid :Permission denied.

  My syslog suggests me apparmor is denying the operation.

  #tail -f /var/log/syslog
  May  3 23:31:26 natty kernel: [  354.126130] type=1400 audit(1304490686.397:10): apparmor="DENIED" operation="mknod" parent=1 profile="/usr/sbin/dhcpd" name="/var/run/dhcpd.pid" pid=1116 comm="dhcpd" requested_mask="c" denied_mask="c" fsuid=105 ouid=105

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/isc-dhcp/+bug/776945/+subscriptions

More information about the foundations-bugs mailing list