[Bug 1005062] Re: dhcpd cannot READ /var/run/dhcpd.pid because of bad apparmor config

Mon Jun 11 15:30:14 UTC 2012

This bug was fixed in the package isc-dhcp - 4.1.ESV-R4-0ubuntu5.1

---------------
isc-dhcp (4.1.ESV-R4-0ubuntu5.1) precise-proposed; urgency=low

  * Set -pf option for both isc-dhcp-server and isc-dhcp-server6 so they
    create their pid files in a path that's actually writable. (LP: #985417)
  * Also allow read access to the pid file in the apparmor profile,
    otherwise only the initial start succeeds. (LP: #1005062)
  * On upgrade from dhcp3-server, move /etc/default/dhcp3-server to
    /etc/default/isc-dhcp-server. (LP: #1003971)
  * On upgrade from dhcp3-relay, remove /etc/default/dhcp3-relay.
    (LP: #1005547)
  * Try to preseed isc-dhcp-relay with the values from
    /etc/default/dhcp3-relay. (LP: #1005547)
 -- Stephane Graber <stgraber at ubuntu.com>   Sun, 27 May 2012 20:41:13 -0400

** Changed in: isc-dhcp (Ubuntu Precise)
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to isc-dhcp in Ubuntu.
https://bugs.launchpad.net/bugs/1005062

Title:
  dhcpd cannot READ /var/run/dhcpd.pid because of bad apparmor config

Status in “isc-dhcp” package in Ubuntu:
  Fix Released
Status in “isc-dhcp” source package in Precise:
  Fix Released
Status in “isc-dhcp” source package in Quantal:
  Fix Released

Bug description:
  This bug is present in the latest versions of isc-dhcp-server
  available in precise and in natty.

  This bugs prevents dhcpd from detecting the presence of an already
  running dhcpd, the result is multiple copies of dhcpd running when
  there should only ever be one ( or none ).

  apparmor="DENIED" operation="open" parent=31445
  profile="/usr/sbin/dhcpd" name="/run/dhcp-server/dhcpd.pid" pid=31446
  comm="dhcpd" requested_mask="r" denied_mask="r" fsuid=121 ouid=121

  Apparmor config for dhcpd
  /{,var/}run/{,dhcp-server/}dhcpd{,6}.pid w,

  dhcpd needs access to read the pid file in server/dhcpd.c

                  /*Read previous pid file. */
                  if ((i = open (path_dhcpd_pid, O_RDONLY)) >= 0) {
                          status = read(i, pbuf, (sizeof pbuf) - 1);
                          close (i);
                          if (status > 0) {
                                  pbuf[status] = 0;
                                  pid = atoi(pbuf);

                                  /*
                                   * If there was a previous server process and
                                   * it is still running, abort
                                   */
                                  if (!pid ||
                                      (pid != getpid() && kill(pid, 0) == 0))
                                          log_fatal("There's already a "
                                                    "DHCP server running.");
                          }
                  }

  Testcase:
  1) Follow the testcase from bug 985417
  2) Once you're done with that testcase, restart isc-dhcp-server and isc-dhcp-server6 (if doing IPv6 testing)
  3) Check "dmesg" for any apparmor error

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/isc-dhcp/+bug/1005062/+subscriptions