[Bug 1540672] Re: [xenial] dhcp server does not work with apparmor enabled

[Jamie Strandboge]

This seems like a duplicate of bug #1540672, but there isn't enough
information in this bug. Are you still seeing this with up to date
xenial? Can you undo the changes to the profile and perform 'ubuntu-bug
1540672' so that more information can be attached to this bug? Also,
please attach your profile after undoing the changes.

** No longer affects: apparmor (Ubuntu)

** Tags added: apparmor

** Changed in: isc-dhcp (Ubuntu)
       Status: New => Incomplete

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to isc-dhcp in Ubuntu.
https://bugs.launchpad.net/bugs/1540672

Title:
  [xenial] dhcp server does not work with apparmor enabled

Status in isc-dhcp package in Ubuntu:
  Incomplete

Bug description:
  I only seem to be able to make my dhcp server work properly by disabling apparmor.
  With apparmor enabled it seems to complain that it is unable to open the leases file for append.
  With apparmor either disabled completely (via linux command line in grub), or set to complain mode for /usr/sbin/dhcpd, the dhcp server appears to work fine (so far).

  Observed with 2.10-0ubuntu11, and 2.10-0ubuntu12 (from the update of
  today). I do not know about any previous version, as this is my first
  attempt with xenial at setting up a dhcp server.

  My system is being built fresh from the daily Ubuntu server AMD64 ISO
  of 2016.01.30. The hard disk is new, as the old one (12.04 server)
  failed.

  I do not know if it is relevant, but I do notice an edit date of
  2016.01.25 in /etc/apparmor.d/usr.sbin.dhcpd

  The main problem log line:

  kernel: [   22.629981] audit: type=1400 audit(1454368046.405:10):
  apparmor="DENIED" operation="capable" profile="/usr/sbin/dhcpd"
  pid=1198 comm="dhcpd" capability=1  capname="dac_override"

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/isc-dhcp/+bug/1540672/+subscriptions