[Bug 2031398] Re: execve (/bin/true, ...): Permission denied printed, when cloud-init-local run

Christian Ehrhardt  2031398 at bugs.launchpad.net
Wed Aug 23 08:59:29 UTC 2023 

*** This bug is a duplicate of bug 2011628 ***
    https://bugs.launchpad.net/bugs/2011628

Looking at most recent isc-dhcp

I see:

 65   # Since dhclient doesn't provide the option to disable hooks, which is         
 66   # desireable in some cases, executing /bin/true as the script file suffices    
 67   /{,usr/}bin/true                                       ixr, 

Which should actually allow it, right?

But the apparmor profile in comment #3 has not.
:-)

Checking different releases.
- fixed in Mantic
- not fixed in Lunar
- not fixed in Debian

Change came in via no other than:

 115 isc-dhcp (4.4.3-P1-1ubuntu2) mantic; urgency=medium                              
 116                                                                                  
 117   * debian/apparmor/sbin.dhclient: Allow disabling dhclient hooks. LP: #2011628  
 118                                                                                  
 119  -- Brett Holman <brett.holman at canonical.com>  Fri, 17 Mar 2023 15:38:35 -0600 

So we are aware of this.
Therefore this bug here is actually a duplicate of bug 2011628

** This bug has been marked a duplicate of bug 2011628
   Apparmor Disallows Disabling Dhclient Scripts

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to isc-dhcp in Ubuntu.
https://bugs.launchpad.net/bugs/2031398

Title:
  execve (/bin/true, ...): Permission denied printed,when cloud-init-
  local run

Status in cloud-init package in Ubuntu:
  Invalid
Status in isc-dhcp package in Ubuntu:
  Triaged

Bug description:
  In cloud-init-local stage , using dhclient command to discovery ip and getting metadata from meta-server.
  The command which cloud-init-local execute is '/usr/sbin/dhclient -1 -v -lf /run/dhclient.lease -pf /run/dhclient.pid eth0 -sf /bin/true'. However, when the apparmor service is loaded, the kernel prevents the /usr/sbin/dhclient command from executing scripts other than /sbin/dhclient-script. And when the -sf parameter is used in cloud-init-local to specify the execution of /bin/true, this error occurs during the execve call in the dhclient process.

  
  lsb_release -rd:
  Description:	Ubuntu 22.04.2 LTS
  Release:	22.04

  cloud-init : 23.1.2-0ubuntu0~22.04.1

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/cloud-init/+bug/2031398/+subscriptions

More information about the foundations-bugs mailing list