touch-packages team mailing list archive

[Jamie Strandboge <jamie@xxxxxxxxxx>]

Public bug reported:

dhclient is starting before the apparmor profile for it is loaded which
results in the following output from aa-status:

$ sudo aa-status
...
4 profiles are in enforce mode.
   /sbin/dhclient
...
1 processes are unconfined but have a profile defined.
   /sbin/dhclient (634)

Upstart had the network-interface-security.conf job to make sure this
didn't happen. We wanted the cache loading library to be implemented in
time (bug #1385414), but it still hasn't landed. Having the cache
loading library in place would mean that this bug would also be fixed,
but now we need to fix this bug differently for 15.04 and it must be
fixed by release.

** Affects: systemd (Ubuntu)
     Importance: Critical
         Status: Triaged


** Tags: apparmor

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to systemd in Ubuntu.
https://bugs.launchpad.net/bugs/1438249

Title:
  /sbin/dhclient is unconfined after switch to systemd (aka, equivalent
  of upstart's network-interface-security.conf not implemented)

Status in systemd package in Ubuntu:
  Triaged

Bug description:
  dhclient is starting before the apparmor profile for it is loaded
  which results in the following output from aa-status:

  $ sudo aa-status
  ...
  4 profiles are in enforce mode.
     /sbin/dhclient
  ...
  1 processes are unconfined but have a profile defined.
     /sbin/dhclient (634)

  Upstart had the network-interface-security.conf job to make sure this
  didn't happen. We wanted the cache loading library to be implemented
  in time (bug #1385414), but it still hasn't landed. Having the cache
  loading library in place would mean that this bug would also be fixed,
  but now we need to fix this bug differently for 15.04 and it must be
  fixed by release.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1438249/+subscriptions