touch-packages team mailing list archive
-
touch-packages team
-
Mailing list archive
-
Message #70484
[Bug 1417658] Re: apparmor denied operation file_inherit from networkmanager when using HWE kernel
This bug was fixed in the package isc-dhcp - 4.2.4-7ubuntu12.1
---------------
isc-dhcp (4.2.4-7ubuntu12.1) trusty-proposed; urgency=medium
* debian/apparmor-profile.dhclient: add 'network inet dgram' and
'network inet6 dgram' to nm-dhcp-helper and dhclient-script for HWE
kernels (LP: #1417658)
-- Jamie Strandboge <jamie@xxxxxxxxxx> Mon, 30 Mar 2015 12:24:24 -0500
** Changed in: isc-dhcp (Ubuntu Trusty)
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to isc-dhcp in Ubuntu.
https://bugs.launchpad.net/bugs/1417658
Title:
apparmor denied operation file_inherit from networkmanager when using
HWE kernel
Status in isc-dhcp package in Ubuntu:
Fix Released
Status in isc-dhcp source package in Trusty:
Fix Released
Status in isc-dhcp source package in Vivid:
Fix Released
Bug description:
[Impact]
AppArmor denials appear in dhclient when using using HWE kernel on 14.04. This can result in incorrect dhcp operation on client systems. The fix is to add these rules:
network inet dgram,
network inet6 dgram,
to the dhclient profile for nm-dhcp-client.action and dhclient-script,
like we did in 4.2.4-7ubuntu14.
[Test Case]
Install HWE kernel and use network manager to obtain an IP address.
[Regression Potential]
Extremely low since the update only adds access that dhclient didn't have.
Original description:
Hallo,
on Kubuntu 14.04.x dmesg shows me the following apparmor messages;
Is this normal or is this a security issue together with network-
manager?
[ 16.171766] audit: type=1400 audit(1422595680.679:68): apparmor="DENIED" operation="file_inherit" profile="/usr/lib/NetworkManager/nm-dhcp-client.action" pid=2229 comm="nm-dhcp-client." lport=10320 family="inet" sock_type="dgram" protocol=17
[ 16.171772] audit: type=1400 audit(1422595680.679:69): apparmor="DENIED" operation="file_inherit" profile="/usr/lib/NetworkManager/nm-dhcp-client.action" pid=2229 comm="nm-dhcp-client." lport=21985 family="inet6" sock_type="dgram" protocol=17
[ 16.199936] audit: type=1400 audit(1422595680.707:70): apparmor="DENIED" operation="file_inherit" profile="/usr/lib/NetworkManager/nm-dhcp-client.action" pid=2246 comm="nm-dhcp-client." lport=10320 family="inet" sock_type="dgram" protocol=17
[ 16.199943] audit: type=1400 audit(1422595680.707:71): apparmor="DENIED" operation="file_inherit" profile="/usr/lib/NetworkManager/nm-dhcp-client.action" pid=2246 comm="nm-dhcp-client." lport=21985 family="inet6" sock_type="dgram" protocol=17
[ 16.201369] audit: type=1400 audit(1422595680.707:72): apparmor="DENIED" operation="file_inherit" profile="/usr/lib/NetworkManager/nm-dhcp-client.action" pid=2248 comm="nm-dhcp-client." lport=10320 family="inet" sock_type="dgram" protocol=17
[ 16.201379] audit: type=1400 audit(1422595680.707:73): apparmor="DENIED" operation="file_inherit" profile="/usr/lib/NetworkManager/nm-dhcp-client.action" pid=2248 comm="nm-dhcp-client." lport=21985 family="inet6" sock_type="dgram" protocol=17
[ 17.206342] audit: type=1400 audit(1422595681.711:74): apparmor="DENIED" operation="file_inherit" profile="/usr/lib/NetworkManager/nm-dhcp-client.action" pid=2468 comm="nm-dhcp-client." lport=10320 family="inet" sock_type="dgram" protocol=17
[ 17.206349] audit: type=1400 audit(1422595681.711:75): apparmor="DENIED" operation="file_inherit" profile="/usr/lib/NetworkManager/nm-dhcp-client.action" pid=2468 comm="nm-dhcp-client." lport=21985 family="inet6" sock_type="dgram" protocol=17
When I logon to KDE, KDE hangs sometimes for 3sec at the login-
process , when there is no internet connection (DSL modem did not
dial-in yet).
Thanks for your help!
Best regards, Bernhard
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/isc-dhcp/+bug/1417658/+subscriptions
References
