aims team mailing list archive

Thread
Date

[Bug 1057358] Re: dhcpd in isc-dhcp-server-ldap cannot read /etc/ldap/ldap.conf due to missing entry in apparmor profile

To: aims@xxxxxxxxxxxxxxxxxxx
From: Dave Chiluk <1057358@xxxxxxxxxxxxxxxxxx>
Date: Wed, 10 Apr 2013 22:10:24 -0000
Reply-to: Bug 1057358 <1057358@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Changed to verification failed.  Same problem as before.  00list needs
to be fixed as the below diff or the debdiff in comment #9 in order for
this patch to get pulled in to not be reverted.

--- /home/chiluk/src/isc-dhcp.p/isc-dhcp-4.1.ESV-R4/debian/patches/00list	2013-04-10 16:57:00.000000000 -0500
+++ 00list	2013-03-06 14:59:57.410644793 -0600
@@ -27,9 +27,10 @@ CVE-2012-3955
 # LP: #974284
 onetry_retry_after_initial_success
 
+dhcpd-ldap-apparmor.dpatch
+
 #ldap backend for dhcp server (docs and code)
 #these get reverted during the build, so put non-ldap
 #patches earlier
 dhcp-4.1.0-ldap-docs
 dhcp-4.1.0-ldap-code
-dhcpd-ldap-apparmor.dpatch


** Tags removed: verification-needed
** Tags added: verification-failed

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2012-3955

-- 
You received this bug notification because you are a member of AIMS,
which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1057358

Title:
  dhcpd in isc-dhcp-server-ldap cannot read /etc/ldap/ldap.conf due to
  missing entry in apparmor profile

Status in “isc-dhcp” package in Ubuntu:
  Fix Released
Status in “isc-dhcp” source package in Precise:
  Fix Committed
Status in “isc-dhcp” source package in Quantal:
  Fix Released

Bug description:
  [Impact]

   * dhcpd will not start if isc-dhcp-server-ldap is enabled.

  [Test Case]

   * Install isc-dhcp-server package and configure
   * service isc-dhcp-server start *(it should start)
   * Install dhcp-ldap package, and configure (even with fake data)
   * Try to restart dhcpd
   * dhcpd fails to start

  [Regression Potential]

   * Minimal

  [Other Info]
   
   * Fix is to add to " /etc/ldap/ldap.conf r" to 
     /etc/apparmor.d/usr.sbin.dhcp

  
  The dhcpd binary in the isc-dhcp-server-ldap package tries and fails to read ldap client configuration from /etc/ldap/ldap.conf due to a missing entry for this file in its apparmor profile. Adding the following line to /etc/apparmor.d/local/usr.sbin.dhcpd works for me, this should already be present in /etc/apparmor.d/usr.sbin.dhcpd

  /etc/ldap/ldap.conf r,

  Release: Ubuntu 12.04.1 LTS Precise Pangolin
  Package: isc-dhcp-server-ldap
  Version: 4.1.ESV-R4-0ubuntu5
  Arch: i386

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/isc-dhcp/+bug/1057358/+subscriptions