
touch-packages team mailing list archive

[Bug 1186662] Re: isc-dhcp-server fails to renew lease file

 

I came across this bug myself and decided to take a closer look. On trusty, as mentioned, we need the extra PARANOIA patch from 4.3.3. This will chown the lease file to dhcpd:dhcpd so that afterwards rotation works. I backported a very minimal patch for this. However, the upstart job needed to be adjusted to have this instead:
    ...
    # The leases files need to be root:dhcpd for dropping privileges
    [ -e /var/lib/dhcp/dhcpd.leases ] || touch /var/lib/dhcp/dhcpd.leases
    chown root:dhcpd /var/lib/dhcp /var/lib/dhcp/dhcpd.leases
    chmod 775 /var/lib/dhcp
    chmod 664 /var/lib/dhcp/dhcpd.leases
    ...

'capability chown' needs to be added to the apparmor profile. This
allows root to open the file in /var/lib/dhcp without capability
dac_override or capability fowner, allows the fchown of the lease file
to dhcpd:dhcpd, then allows the dhcpd user to manage the leases and
leases~ files. I have test packages in
https://launchpad.net/~ubuntu-security-proposed/+archive/ubuntu/ppa/+packages
if people want to try them out. If they work for affected users, I'll
pursue an SRU to trusty-updates.

I didn't look at xenial very closely, but it doesn't seem to need the
root:dhcpd setup. Upstream must have reordered priv dropping and the
fchown, etc for this to work. While it would be possible to backport
these changes to trusty, I prefer the minimal patch and change to the
upstart job in the ppa for a stable release update.

** Changed in: isc-dhcp (Ubuntu Trusty)
       Status: Confirmed => Triaged

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to isc-dhcp in Ubuntu.
https://bugs.launchpad.net/bugs/1186662

Title:
  isc-dhcp-server fails to renew lease file

Status in isc-dhcp package in Ubuntu:
  Fix Released
Status in isc-dhcp source package in Trusty:
  Triaged

Bug description:
  After raring upgrade, the dhcp server fails to renew lease file when
  it tries to (about every hour).

  The syslog says:
  dhcpd: Can't create new lease file: Permission denied

  It looks like a permission problem, because

  # chown -R dhcpd:dhcpd /var/lib/dhcp

  the above command temporarily solves the issue, until dhcpd is
  restarted: at that time, the ownership of the directory and the lease
  file is set back to root:root.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/isc-dhcp/+bug/1186662/+subscriptions
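
Added example, not part of the original message or of the isc-dhcp packaging: a shell audit of the ownership and modes that the upstart snippet quoted above sets before dhcpd starts (root:dhcpd, 775 on the directory, 664 on the lease file). The function names are hypothetical, the directory, owner and group are parameters so the check can be run against a scratch directory, and GNU `stat` is assumed.

```shell
#!/bin/sh
# Audit the pre-start state of the lease directory and lease file.
# Defaults come from the upstart snippet in the message above.

# check_one PATH WANT_OWNER WANT_GROUP WANT_MODE
# Returns 0 when owner, group and octal mode all match, 1 otherwise.
check_one() {
    path=$1 want_owner=$2 want_group=$3 want_mode=$4
    if [ ! -e "$path" ]; then
        echo "MISSING  $path"
        return 1
    fi
    # GNU stat: %U owner name, %G group name, %a octal permission bits
    actual=$(stat -c '%U:%G %a' "$path") || return 1
    expected="$want_owner:$want_group $want_mode"
    if [ "$actual" != "$expected" ]; then
        echo "MISMATCH $path: have '$actual', want '$expected'"
        return 1
    fi
    echo "OK       $path ($actual)"
}

# audit_lease_perms [DIR] [OWNER] [GROUP]
# Checks both paths and reports every deviation, not just the first.
audit_lease_perms() {
    dir=${1:-/var/lib/dhcp} owner=${2:-root} group=${3:-dhcpd}
    rc=0
    check_one "$dir" "$owner" "$group" 775 || rc=1
    check_one "$dir/dhcpd.leases" "$owner" "$group" 664 || rc=1
    return $rc
}
```

Per the message, the patched dhcpd then chowns the lease file to dhcpd:dhcpd, so this check describes the state before the daemon runs, not a running server.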