touch-packages team mailing list archive

Thread
Date

[Bug 1541450] Re: overlayroot read-only mode apparmor dhclient DENIED

To: touch-packages@xxxxxxxxxxxxxxxxxxx
From: Seth Arnold <1541450@xxxxxxxxxxxxxxxxxx>
Date: Wed, 03 Feb 2016 20:07:14 -0000
Reply-to: Bug 1541450 <1541450@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Hello zy,

Be very careful with /etc/init.d/networking restart --- this can cause
severe instability issues on Ubuntu systems. Some versions have this
script modified to prevent the trouble, but some don't. The ifupdown
tools should be used to restart specific interfaces instead. I know
that's insanely confusing, but it's just the way it is.

The AppArmor problem is the "Failed name lookup - disconnected path"
entry. This means that the process is running in a filesystem namespace
(perhaps a chroot?) where the filename doesn't actually exist. The usual
way forward is to add flags=(attach_disconnected) to the profile, e.g.:

/sbin/dhclient flags=(attach_disconnected) { ...

If that isn't sufficient for you, this may be related to
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1408106 -- but I
must admit I don't know the details of why overlayfs doesn't work well
with AppArmor.

Thanks

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1541450

Title:
  overlayroot read-only mode apparmor dhclient DENIED

Status in apparmor package in Ubuntu:
  New

Bug description:
  Dear all:
      I am using the overlayroot and working on read-only mode ,and then I can`t connect network and dhclient .

  cat /var/log/kernel.log below

  Feb  3 23:17:53 zy-VirtualBox kernel: [   49.049090] audit: type=1400
  audit(1454512673.592:44): apparmor="DENIED" operation="getattr"
  info="Failed name lookup - disconnected path" error=-13
  profile="/sbin/dhclient" name="etc/ld.so.cache" pid=1217
  comm="dhclient" requested_mask="r" denied_mask="r" fsuid=0 ouid=0

  Feb  3 23:17:53 zy-VirtualBox kernel: [   49.049253] audit: type=1400
  audit(1454512673.592:45): apparmor="DENIED" operation="getattr"
  info="Failed name lookup - disconnected path" error=-13
  profile="/sbin/dhclient" name="lib/x86_64-linux-gnu/libirs-
  export.so.91.0.0" pid=1217 comm="dhclient" requested_mask="r"
  denied_mask="r" fsuid=0 ouid=0

  when I use "dhclient enp0s3",the error message is "dhclient: error
  while loading shared libraries: libirs-export.so.91: cannot stat
  shared object: Permission denied"

  need any help
  Thanks
  zy

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1541450/+subscriptions

References

[Bug 1541450] [NEW] overlayroot read-only mode apparmor dhclient DENIED
From: zhangyang, 2016-02-03