[Bug 1171838] Re: Last nights isc-dhcp-server update fails to start

Stéphane Graber stgraber at stgraber.org
Tue Apr 23 15:35:12 UTC 2013


For anyone affected by this bug and who can't wait for the bugfix to
land, you can simply edit /etc/apparmor.d/usr.sbin.dhcpd and apply the
following diff, then do "sudo /etc/init.d/apparmor reload".

diff -Nru isc-dhcp-4.2.4/debian/apparmor-profile.dhcpd isc-dhcp-4.2.4/debian/apparmor-profile.dhcpd
--- isc-dhcp-4.2.4/debian/apparmor-profile.dhcpd	2012-10-16 21:25:47.000000000 +0200
+++ isc-dhcp-4.2.4/debian/apparmor-profile.dhcpd	2013-04-23 17:16:49.000000000 +0200
@@ -16,6 +16,8 @@
 
   network inet raw,
   network packet packet,
+  network packet raw,
+
   @{PROC}/[0-9]*/net/dev r,
   @{PROC}/[0-9]*/net/{dev,if_inet6} r,
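Review bot: the new `network packet raw,` line has no comment saying why dhcpd needs it, so a later tightening of the profile could drop it again. A one-line comment above the rule would help, noting that recalculating checksums on offloading interfaces makes dhcpd open a raw packet socket, the same family="packet" sock_type="raw" create that the kernel log in the bug report shows being denied. Separately, the context line `@{PROC}/[0-9]*/net/dev r,` is already covered by the `{dev,if_inet6}` rule below it and could be folded in a follow-up.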

https://bugs.launchpad.net/bugs/1171838

Title:
  Last nights isc-dhcp-server update fails to start

Status in “isc-dhcp” package in Ubuntu:
  Fix Released
Status in “isc-dhcp” source package in Quantal:
  In Progress

Bug description:
  == Rationale ==
  The recent isc-dhcp SRU to quantal introduced a patch that fixes cases where checksum offloading would cause the checksum to be empty by having dhcpd re-calculate the checksum in those cases.

  This requires dhcpd to use raw sockets, unfortunately I forgot to
  allow those in the apparmor profile.

  I've had 3 reports so far of people who got a broken dhcpd post-upgrade
  and I suspect the number to be far higher.

  The fix simply copies the apparmor profile as we have it in raring
  which allows the extra socket type.

  == Test case ==
  1) Install dhcpd on a machine that does checksum offloading (virtual machine with virtio for example) or uses infiniband
  2) Check that dhcpd starts

  == Regression potential ==
  This is a direct copy of the apparmor profile from raring. The dmesg entry below quite clearly matches the socket type, so I don't expect any regression to happen.

  
  --- Original bug report ---
  This is Ubuntu 12.10

  Start-Date: 2013-04-22  20:48:32
  Commandline: apt-get --assume-yes dist-upgrade
  Upgrade: isc-dhcp-client:i386 (4.2.4-1ubuntu10.1, 4.2.4-1ubuntu10.2), isc-dhcp-common:i386 (4.2.4-1ubuntu10.1, 4.2.4-1ubuntu10.2), isc-dhcp-server:i386 (4.2.4-1ubuntu10.1, 4.2.4-1ubuntu10.2)
  End-Date: 2013-04-22  20:49:28

  I forced a downgrade to the previous packages isc-dhcp-client_4.2.4-1ubuntu10.1_i386.deb
  isc-dhcp-common_4.2.4-1ubuntu10.1_i386.deb isc-dhcp-server_4.2.4-1ubuntu10.1_i386.deb and it is working now.

  Here are a few of the log entries from when it was working to when it
  stopped working:

  Apr 22 20:27:57 io dhcpd: DHCPACK to 192.168.2.98 (00:1f:d0:d0:ed:50) via eth1
  Apr 22 20:38:00 io dhcpd: DHCPINFORM from 192.168.2.98 via eth1
  Apr 22 20:38:00 io dhcpd: DHCPACK to 192.168.2.98 (00:1f:d0:d0:ed:50) via eth1
  Apr 22 20:48:02 io dhcpd: DHCPINFORM from 192.168.2.98 via eth1
  Apr 22 20:48:02 io dhcpd: DHCPACK to 192.168.2.98 (00:1f:d0:d0:ed:50) via eth1
  Apr 22 20:49:21 io dhcpd: Wrote 0 deleted host decls to leases file.
  Apr 22 20:49:21 io dhcpd: Wrote 0 new dynamic host decls to leases file.
  Apr 22 20:49:21 io dhcpd: Wrote 31 leases to leases file.
  Apr 22 20:49:21 io dhcpd: Open a socket for LPF: Permission denied
  Apr 22 20:49:21 io kernel: [168459.938698] type=1400 audit(1366678161.188:42): apparmor="DENIED" operation="create" parent=1 profile="/usr/sbin/dhcpd" pid=2443 comm="dhcpd" family="packet" sock_type="raw" protocol=768
  Apr 22 20:49:21 io dhcpd: Wrote 0 deleted host decls to leases file.
  Apr 22 20:49:21 io dhcpd: Wrote 0 new dynamic host decls to leases file.
  Apr 22 20:49:21 io dhcpd: Wrote 31 leases to leases file.
  Apr 22 20:49:21 io dhcpd: Open a socket for LPF: Permission denied
  Apr 22 20:49:21 io kernel: [168460.091513] type=1400 audit(1366678161.340:43): apparmor="DENIED" operation="create" parent=1 profile="/usr/sbin/dhcpd" pid=2482 comm="dhcpd" family="packet" sock_type="raw" protocol=768
  Apr 22 20:49:21 io dhcpd: Wrote 0 deleted host decls to leases file.
  Apr 22 20:49:21 io dhcpd: Wrote 0 new dynamic host decls to leases file.
  Apr 22 20:49:21 io dhcpd: Wrote 31 leases to leases file.
  Apr 22 20:49:21 io dhcpd: Open a socket for LPF: Permission denied
  Apr 22 20:49:21 io kernel: [168460.404076] type=1400 audit(1366678161.656:44): apparmor="DENIED" operation="create" parent=1 profile="/usr/sbin/dhcpd" pid=2491 comm="dhcpd" family="packet" sock_type="raw" protocol=768
  Apr 22 20:49:21 io dhcpd: Wrote 0 deleted host decls to leases file.
  Apr 22 20:49:21 io dhcpd: Wrote 0 new dynamic host decls to leases file.
  Apr 22 20:49:21 io dhcpd: Wrote 31 leases to leases file.
  Apr 22 20:49:21 io dhcpd: Open a socket for LPF: Permission denied
  Apr 22 20:49:21 io kernel: [168460.487047] type=1400 audit(1366678161.736:45): apparmor="DENIED" operation="create" parent=1 profile="/usr/sbin/dhcpd" pid=2498 comm="dhcpd" family="packet" sock_type="raw" protocol=768
  Apr 22 20:49:21 io dhcpd: Wrote 0 deleted host decls to leases file.
  Apr 22 20:49:21 io dhcpd: Wrote 0 new dynamic host decls to leases file.
  Apr 22 20:49:21 io dhcpd: Wrote 31 leases to leases file.
  Apr 22 20:49:21 io dhcpd: Open a socket for LPF: Permission denied

  Apr 23 07:14:39 io dhcpd: Wrote 31 leases to leases file.
  Apr 23 07:14:40 io dhcpd: Open a socket for LPF: Permission denied
  Apr 23 07:14:40 io kernel: [   49.077715] type=1400 audit(1366715680.165:46): apparmor="DENIED" operation="create" parent=1 profile="/usr/sbin/dhcpd" pid=1817 comm="dhcpd" family="packet" sock_type="raw" protocol=768
  Apr 23 07:14:40 io dhcpd: Wrote 0 deleted host decls to leases file.
  Apr 23 07:14:40 io dhcpd: Wrote 0 new dynamic host decls to leases file.
  Apr 23 07:14:40 io dhcpd: Wrote 31 leases to leases file.
  Apr 23 07:14:40 io dhcpd: Open a socket for LPF: Permission denied
  Apr 23 07:14:40 io kernel: [   49.248752] type=1400 audit(1366715680.337:47): apparmor="DENIED" operation="create" parent=1 profile="/usr/sbin/dhcpd" pid=1892 comm="dhcpd" family="packet" sock_type="raw" protocol=768
  Apr 23 07:14:40 io dhcpd: Wrote 0 deleted host decls to leases file.
  Apr 23 07:14:40 io dhcpd: Wrote 0 new dynamic host decls to leases file.
  Apr 23 07:14:40 io dhcpd: Wrote 31 leases to leases file.
  Apr 23 07:14:40 io dhcpd: Open a socket for LPF: Permission denied
  Apr 23 07:14:40 io kernel: [   49.509316] type=1400 audit(1366715680.597:48): apparmor="DENIED" operation="create" parent=1 profile="/usr/sbin/dhcpd" pid=2101 comm="dhcpd" family="packet" sock_type="raw" protocol=768
  Apr 23 07:14:40 io dhcpd: Wrote 0 deleted host decls to leases file.
  Apr 23 07:14:40 io dhcpd: Wrote 0 new dynamic host decls to leases file.
  Apr 23 07:14:40 io dhcpd: Wrote 31 leases to leases file.
  Apr 23 07:14:41 io dhcpd: Open a socket for LPF: Permission denied
  Apr 23 07:14:41 io kernel: [   49.956465] type=1400 audit(1366715681.045:49): apparmor="DENIED" operation="create" parent=1 profile="/usr/sbin/dhcpd" pid=2119 comm="dhcpd" family="packet" sock_type="raw" protocol=768
  Apr 23 07:14:41 io dhcpd: Wrote 0 deleted host decls to leases file.
  Apr 23 07:14:41 io dhcpd: Wrote 0 new dynamic host decls to leases file.
  Apr 23 07:14:41 io dhcpd: Wrote 31 leases to leases file.
  Apr 23 07:14:41 io dhcpd: Open a socket for LPF: Permission denied
  Apr 23 07:14:41 io kernel: [   50.147287] type=1400 audit(1366715681.237:50): apparmor="DENIED" operation="create" parent=1 profile="/usr/sbin/dhcpd" pid=2139 comm="dhcpd" family="packet" sock_type="raw" protocol=768
  Apr 23 07:14:41 io dhcpd: Wrote 0 deleted host decls to leases file.
  Apr 23 07:14:41 io dhcpd: Wrote 0 new dynamic host decls to leases file.
  Apr 23 07:14:41 io dhcpd: Wrote 31 leases to leases file.
  Apr 23 07:14:41 io dhcpd: Open a socket for LPF: Permission denied
  Apr 23 07:14:41 io kernel: [   50.332243] type=1400 audit(1366715681.421:51): apparmor="DENIED" operation="create" parent=1 profile="/usr/sbin/dhcpd" pid=2154 comm="dhcpd" family="packet" sock_type="raw" protocol=768
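
The denials in the log above map directly onto the rule the diff adds. As an added example (not part of the original bug report or the Ubuntu packaging), this script reads AppArmor audit lines and lists the `network` rules a profile lacks; the function names are hypothetical, and the rule matcher only handles the `network [family] [type],` forms seen in this profile.

```python
import re
from collections import Counter

# Sample input: three lines copied from the log excerpt in the bug report.
SAMPLE_LOG = '''\
Apr 22 20:49:21 io dhcpd: Open a socket for LPF: Permission denied
Apr 22 20:49:21 io kernel: [168459.938698] type=1400 audit(1366678161.188:42): apparmor="DENIED" operation="create" parent=1 profile="/usr/sbin/dhcpd" pid=2443 comm="dhcpd" family="packet" sock_type="raw" protocol=768
Apr 22 20:49:21 io kernel: [168460.091513] type=1400 audit(1366678161.340:43): apparmor="DENIED" operation="create" parent=1 profile="/usr/sbin/dhcpd" pid=2482 comm="dhcpd" family="packet" sock_type="raw" protocol=768
'''

# Network rules of the profile before the fix, taken from the diff context.
PROFILE_BEFORE = '''\
  network inet raw,
  network packet packet,
'''

KV = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')          # key="value" or key=value
RULE = re.compile(r'^\s*network(?:\s+(\w+))?(?:\s+(\w+))?\s*,', re.M)

def denied_sockets(log, profile_name):
    """Count (family, sock_type) pairs AppArmor denied for one profile."""
    hits = Counter()
    for line in log.splitlines():
        f = {key: quoted or bare for key, quoted, bare in KV.findall(line)}
        if (f.get("apparmor") == "DENIED" and f.get("profile") == profile_name
                and "family" in f and "sock_type" in f):
            hits[(f["family"], f["sock_type"])] += 1
    return hits

def allowed(profile_text, family, sock_type):
    """True if an allow rule covers the pair; omitted fields act as wildcards.
    Lines starting with 'deny' are not matched by RULE and so never count."""
    return any(fam in ("", family) and typ in ("", sock_type)
               for fam, typ in RULE.findall(profile_text))

def missing_rules(log, profile_text, profile_name):
    """Candidate rules to review: denied socket types the profile lacks."""
    return [f"network {fam} {typ},"
            for fam, typ in sorted(denied_sockets(log, profile_name))
            if not allowed(profile_text, fam, typ)]

if __name__ == "__main__":
    for rule in missing_rules(SAMPLE_LOG, PROFILE_BEFORE, "/usr/sbin/dhcpd"):
        print(rule)
```

Each rule it prints is a candidate for review against what the daemon actually needs, not something to paste in unread.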
