touch-packages team mailing list archive
-
touch-packages team
-
Mailing list archive
-
Message #67438
[Bug 1417658] Re: apparmor denied operation file_inherit from networkmanager when using HWE kernel
Tested packages: amd64
isc-dhcp-client 4.2.4-7ubuntu12.1
isc-dhcp-common 4.2.4-7ubuntu12.1
with kernels: amd64
vivid-lts 3.19.0-10.10
utopic-lts 3.16.0- 34.27
No "apparmor="DENIED" operation"-messages anymore => the patched
packages work.
Thank you for your support!
Best regards, Bernhard
** Tags removed: verification-needed
** Tags added: verification-done
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to isc-dhcp in Ubuntu.
https://bugs.launchpad.net/bugs/1417658
Title:
apparmor denied operation file_inherit from networkmanager when using
HWE kernel
Status in isc-dhcp package in Ubuntu:
Fix Released
Status in isc-dhcp source package in Trusty:
Fix Committed
Status in isc-dhcp source package in Vivid:
Fix Released
Bug description:
[Impact]
AppArmor denials appear in dhclient when using using HWE kernel on 14.04. This can result in incorrect dhcp operation on client systems. The fix is to add these rules:
network inet dgram,
network inet6 dgram,
to the dhclient profile for nm-dhcp-client.action and dhclient-script,
like we did in 4.2.4-7ubuntu14.
[Test Case]
Install HWE kernel and use network manager to obtain an IP address.
[Regression Potential]
Extremely low since the update only adds access that dhclient didn't have.
Original description:
Hallo,
on Kubuntu 14.04.x dmesg shows me the following apparmor messages;
Is this normal or is this a security issue together with network-
manager?
[ 16.171766] audit: type=1400 audit(1422595680.679:68): apparmor="DENIED" operation="file_inherit" profile="/usr/lib/NetworkManager/nm-dhcp-client.action" pid=2229 comm="nm-dhcp-client." lport=10320 family="inet" sock_type="dgram" protocol=17
[ 16.171772] audit: type=1400 audit(1422595680.679:69): apparmor="DENIED" operation="file_inherit" profile="/usr/lib/NetworkManager/nm-dhcp-client.action" pid=2229 comm="nm-dhcp-client." lport=21985 family="inet6" sock_type="dgram" protocol=17
[ 16.199936] audit: type=1400 audit(1422595680.707:70): apparmor="DENIED" operation="file_inherit" profile="/usr/lib/NetworkManager/nm-dhcp-client.action" pid=2246 comm="nm-dhcp-client." lport=10320 family="inet" sock_type="dgram" protocol=17
[ 16.199943] audit: type=1400 audit(1422595680.707:71): apparmor="DENIED" operation="file_inherit" profile="/usr/lib/NetworkManager/nm-dhcp-client.action" pid=2246 comm="nm-dhcp-client." lport=21985 family="inet6" sock_type="dgram" protocol=17
[ 16.201369] audit: type=1400 audit(1422595680.707:72): apparmor="DENIED" operation="file_inherit" profile="/usr/lib/NetworkManager/nm-dhcp-client.action" pid=2248 comm="nm-dhcp-client." lport=10320 family="inet" sock_type="dgram" protocol=17
[ 16.201379] audit: type=1400 audit(1422595680.707:73): apparmor="DENIED" operation="file_inherit" profile="/usr/lib/NetworkManager/nm-dhcp-client.action" pid=2248 comm="nm-dhcp-client." lport=21985 family="inet6" sock_type="dgram" protocol=17
[ 17.206342] audit: type=1400 audit(1422595681.711:74): apparmor="DENIED" operation="file_inherit" profile="/usr/lib/NetworkManager/nm-dhcp-client.action" pid=2468 comm="nm-dhcp-client." lport=10320 family="inet" sock_type="dgram" protocol=17
[ 17.206349] audit: type=1400 audit(1422595681.711:75): apparmor="DENIED" operation="file_inherit" profile="/usr/lib/NetworkManager/nm-dhcp-client.action" pid=2468 comm="nm-dhcp-client." lport=21985 family="inet6" sock_type="dgram" protocol=17
When I logon to KDE, KDE hangs sometimes for 3sec at the login-
process , when there is no internet connection (DSL modem did not
dial-in yet).
Thanks for your help!
Best regards, Bernhard
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/isc-dhcp/+bug/1417658/+subscriptions
References
