[Bug 1918410] Re: isc-dhcp-client denied by apparmor
John Johansen
1918410 at bugs.launchpad.net
Sat Mar 27 12:25:10 UTC 2021
To further elaborate on why dhclient is accessing the comm
$ pstree -at 3395
dhclient ens3
├─{isc-socket}
├─{isc-timer}
└─{isc-worker0000}
where 3395 is the process. It has 3 additional threads and it is
providing functional names for them.
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to isc-dhcp in Ubuntu.
https://bugs.launchpad.net/bugs/1918410
Title:
isc-dhcp-client denied by apparmor
Status in isc-dhcp package in Ubuntu:
Confirmed
Bug description:
Hi, I get weird errors in the audit log, seeing dhclient is being
denied reading its comm or the comm of one of its tasks:
[1383307.827378] audit: type=1400 audit(1615367094.054:162): apparmor="DENIED" operation="open" profile="/{,usr/}sbin/dhclient" name="/proc/1095210/task/1095213/comm" pid=1095210 comm="dhclient" requested_mask="wr" denied_mask="wr" fsuid=0 ouid=0
This might or might not be linked with the fact that I can't get an
IPv4 on this interface. Note that it happened to other, see this
comment:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1413232/comments/8
Or even an article recommending disabling apparmor for dhclient(!):
https://blog.anthony-jacob.com/perte-dip-v4-sous-ubuntu-20-04-apparmor-et-dhclient/
As I said, I'm not sure this is the root cause of the lack of IPv4 renewal, because running it manually *does* succeed in getting an IP. And running it in strace shows the EACCES failure:
[pid 1095210] openat(AT_FDCWD, "/proc/self/task/1095211/comm", O_RDWRstrace: Process 1095211 attached
) = -1 EACCES (Permission non accordée)
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/isc-dhcp/+bug/1918410/+subscriptions
More information about the foundations-bugs
mailing list