touch-packages team mailing list archive
-
touch-packages team
-
Mailing list archive
-
Message #67022
[Bug 1417658] Re: apparmor denied operation file_inherit from networkmanager when using HWE kernel
Good work Jamie.
For the record this issue also affected networking in the community-
maintained* Raspberry Pi distribution of Ubuntu Trusty where "the 3.13
kernel has been replaced with an updated 3.18 kernel". They might want
to build an updated image once this makes it into the updates repo
though I don't know who to ping about that.
* https://wiki.ubuntu.com/ARM/RaspberryPi
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to isc-dhcp in Ubuntu.
https://bugs.launchpad.net/bugs/1417658
Title:
apparmor denied operation file_inherit from networkmanager when using
HWE kernel
Status in isc-dhcp package in Ubuntu:
Fix Released
Status in isc-dhcp source package in Trusty:
In Progress
Status in isc-dhcp source package in Vivid:
Fix Released
Bug description:
[Impact]
AppArmor denials appear in dhclient when using using HWE kernel on 14.04. This can result in incorrect dhcp operation on client systems. The fix is to add these rules:
network inet dgram,
network inet6 dgram,
to the dhclient profile for nm-dhcp-client.action and dhclient-script,
like we did in 4.2.4-7ubuntu14.
[Test Case]
Install HWE kernel and use network manager to obtain an IP address.
[Regression Potential]
Extremely low since the update only adds access that dhclient didn't have.
Original description:
Hallo,
on Kubuntu 14.04.x dmesg shows me the following apparmor messages;
Is this normal or is this a security issue together with network-
manager?
[ 16.171766] audit: type=1400 audit(1422595680.679:68): apparmor="DENIED" operation="file_inherit" profile="/usr/lib/NetworkManager/nm-dhcp-client.action" pid=2229 comm="nm-dhcp-client." lport=10320 family="inet" sock_type="dgram" protocol=17
[ 16.171772] audit: type=1400 audit(1422595680.679:69): apparmor="DENIED" operation="file_inherit" profile="/usr/lib/NetworkManager/nm-dhcp-client.action" pid=2229 comm="nm-dhcp-client." lport=21985 family="inet6" sock_type="dgram" protocol=17
[ 16.199936] audit: type=1400 audit(1422595680.707:70): apparmor="DENIED" operation="file_inherit" profile="/usr/lib/NetworkManager/nm-dhcp-client.action" pid=2246 comm="nm-dhcp-client." lport=10320 family="inet" sock_type="dgram" protocol=17
[ 16.199943] audit: type=1400 audit(1422595680.707:71): apparmor="DENIED" operation="file_inherit" profile="/usr/lib/NetworkManager/nm-dhcp-client.action" pid=2246 comm="nm-dhcp-client." lport=21985 family="inet6" sock_type="dgram" protocol=17
[ 16.201369] audit: type=1400 audit(1422595680.707:72): apparmor="DENIED" operation="file_inherit" profile="/usr/lib/NetworkManager/nm-dhcp-client.action" pid=2248 comm="nm-dhcp-client." lport=10320 family="inet" sock_type="dgram" protocol=17
[ 16.201379] audit: type=1400 audit(1422595680.707:73): apparmor="DENIED" operation="file_inherit" profile="/usr/lib/NetworkManager/nm-dhcp-client.action" pid=2248 comm="nm-dhcp-client." lport=21985 family="inet6" sock_type="dgram" protocol=17
[ 17.206342] audit: type=1400 audit(1422595681.711:74): apparmor="DENIED" operation="file_inherit" profile="/usr/lib/NetworkManager/nm-dhcp-client.action" pid=2468 comm="nm-dhcp-client." lport=10320 family="inet" sock_type="dgram" protocol=17
[ 17.206349] audit: type=1400 audit(1422595681.711:75): apparmor="DENIED" operation="file_inherit" profile="/usr/lib/NetworkManager/nm-dhcp-client.action" pid=2468 comm="nm-dhcp-client." lport=21985 family="inet6" sock_type="dgram" protocol=17
When I logon to KDE, KDE hangs sometimes for 3sec at the login-
process , when there is no internet connection (DSL modem did not
dial-in yet).
Thanks for your help!
Best regards, Bernhard
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/isc-dhcp/+bug/1417658/+subscriptions
References
