dhcpd cannot READ /var/run/dhcpd.pid because of bad apparmor config

Bug #1005062 reported by Serge
This bug affects 1 person
Affects             Status         Importance   Assigned to       Milestone
isc-dhcp (Ubuntu)   Fix Released   Undecided    Unassigned
Precise             Fix Released   Low          Stéphane Graber
Quantal             Fix Released   Undecided    Unassigned

Bug Description

This bug is present in the latest versions of isc-dhcp-server available in precise and in natty.

This bug prevents dhcpd from detecting the presence of an already running dhcpd; the result is multiple copies of dhcpd running when there should only ever be one (or none).

apparmor="DENIED" operation="open" parent=31445 profile="/usr/sbin/dhcpd" name="/run/dhcp-server/dhcpd.pid" pid=31446 comm="dhcpd" requested_mask="r" denied_mask="r" fsuid=121 ouid=121

Apparmor config for dhcpd
/{,var/}run/{,dhcp-server/}dhcpd{,6}.pid w,

dhcpd needs access to read the pid file in server/dhcpd.c

                /*Read previous pid file. */
                if ((i = open (path_dhcpd_pid, O_RDONLY)) >= 0) {
                        status = read(i, pbuf, (sizeof pbuf) - 1);
                        close (i);
                        if (status > 0) {
                                pbuf[status] = 0;
                                pid = atoi(pbuf);

                                /*
                                 * If there was a previous server process and
                                 * it is still running, abort
                                 */
                                if (!pid ||
                                    (pid != getpid() && kill(pid, 0) == 0))
                                        log_fatal("There's already a "
                                                  "DHCP server running.");
                        }
                }

Testcase:
1) Follow the testcase from bug 985417
2) Once you're done with that testcase, restart isc-dhcp-server and isc-dhcp-server6 (if doing IPv6 testing)
3) Check "dmesg" for any apparmor error
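
An added example, not part of the original report or the isc-dhcp package: a small Python check that expands the brace alternations in the profile rule quoted above and compares it with the denial from the log, showing that the path is covered but only `w` is granted. The `rw` rule is an assumption about what a corrected rule looks like, and only flat `{a,b}` alternation is handled, not AppArmor's full glob syntax.

```python
import re
from itertools import product

# Rule and denial copied from the bug description above.
RULE_BEFORE = "/{,var/}run/{,dhcp-server/}dhcpd{,6}.pid w,"
# Assumed corrected rule (read added); not quoted from the packaged profile.
RULE_AFTER = "/{,var/}run/{,dhcp-server/}dhcpd{,6}.pid rw,"
DENIAL = ('apparmor="DENIED" operation="open" parent=31445 '
          'profile="/usr/sbin/dhcpd" name="/run/dhcp-server/dhcpd.pid" '
          'pid=31446 comm="dhcpd" requested_mask="r" denied_mask="r" '
          'fsuid=121 ouid=121')

def expand_braces(pattern):
    """Expand flat {a,b} alternations into the set of literal paths.
    Simplification: no nesting and no *, **, ? or [] globs."""
    parts = re.split(r"\{([^{}]*)\}", pattern)
    # re.split with a capture group alternates: literal, alternation, literal...
    choices = [p.split(",") if i % 2 else [p] for i, p in enumerate(parts)]
    return {"".join(combo) for combo in product(*choices)}

def parse_rule(line):
    """Split a file rule such as '/path rw,' into (pattern, permission set)."""
    path, perms = line.strip().rstrip(",").rsplit(None, 1)
    return path, set(perms)

def parse_denial(line):
    """Extract key=value fields from an AppArmor audit line."""
    return {k: v.strip('"')
            for k, v in re.findall(r'(\w+)=("[^"]*"|\S+)', line)}

def missing_perms(rule_line, denial_line):
    """Permissions the denial asked for that the rule does not grant.
    Returns None when the rule does not cover the denied path at all."""
    pattern, granted = parse_rule(rule_line)
    denial = parse_denial(denial_line)
    if denial["name"] not in expand_braces(pattern):
        return None
    return set(denial["denied_mask"]) - granted

if __name__ == "__main__":
    for label, rule in (("before", RULE_BEFORE), ("after", RULE_AFTER)):
        print(label, "missing:", sorted(missing_perms(rule, DENIAL)))
```
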

Serge (serge-de-souza) wrote :
Serge (serge-de-souza)
tags: added: natty precise
Ubuntu Foundations Team Bug Bot (crichton) wrote :

The attachment "apparmor permission fix for dhcpd" of this bug report has been identified as being a patch. The ubuntu-reviewers team has been subscribed to the bug report so that they can review the patch. In the event that this is in fact not a patch, you can resolve this situation by removing the tag 'patch' from the bug report and editing the attachment so that it is not flagged as a patch. Additionally, if you are a member of the ubuntu-reviewers team, please also unsubscribe the team from this bug report.

[This is an automated message performed by a Launchpad user owned by Brian Murray. Please contact him regarding any issues with the action taken in this bug report.]

tags: added: patch
Serge (serge-de-souza)
description: updated
Changed in isc-dhcp (Ubuntu):
status: New → Fix Released
Changed in isc-dhcp (Ubuntu Precise):
status: New → In Progress
assignee: nobody → Stéphane Graber (stgraber)
description: updated
Changed in isc-dhcp (Ubuntu Precise):
importance: Undecided → Low
Clint Byrum (clint-fewbar) wrote : Please test proposed package

Hello Serge, or anyone else affected,

Accepted isc-dhcp into precise-proposed. The package will build now and be available in a few hours. Please test and give feedback here. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Thank you in advance!

Changed in isc-dhcp (Ubuntu Precise):
status: In Progress → Fix Committed
tags: added: verification-needed
Stéphane Graber (stgraber) wrote :

tested here

tags: added: verification-done
removed: verification-needed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package isc-dhcp - 4.1.ESV-R4-0ubuntu5.1

---------------
isc-dhcp (4.1.ESV-R4-0ubuntu5.1) precise-proposed; urgency=low

  * Set -pf option for both isc-dhcp-server and isc-dhcp-server6 so they
    create their pid files in a path that's actually writable. (LP: #985417)
  * Also allow read access to the pid file in the apparmor profile,
    otherwise only the initial start succeeds. (LP: #1005062)
  * On upgrade from dhcp3-server, move /etc/default/dhcp3-server to
    /etc/default/isc-dhcp-server. (LP: #1003971)
  * On upgrade from dhcp3-relay, remove /etc/default/dhcp3-relay.
    (LP: #1005547)
  * Try to preseed isc-dhcp-relay with the values from
    /etc/default/dhcp3-relay. (LP: #1005547)
 -- Stephane Graber <email address hidden> Sun, 27 May 2012 20:41:13 -0400

Changed in isc-dhcp (Ubuntu Precise):
status: Fix Committed → Fix Released