yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1717627] Re: permission denied when executing dhclient in Ec2 datasource

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Scott Moser <smoser@xxxxxxxxxx>
Date: Sat, 23 Sep 2017 02:36:20 -0000
Reply-to: Bug 1717627 <1717627@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

This bug is believed to be fixed in cloud-init in 17.1. If this is still
a problem for you, please make a comment and set the state back to New

Thank you.

** Changed in: cloud-init
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to cloud-init.
https://bugs.launchpad.net/bugs/1717627

Title:
  permission denied when executing dhclient in Ec2 datasource

Status in cloud-init:
  Fix Released
Status in cloud-init package in Ubuntu:
  Fix Released

Bug description:
  in the ec2 datasource, cloud-init runs dhclient from a tmp file in
  order to avoid apparmor restrictions and side affects.

  In a change for bug 1707222 we started using /run/cloud-init for tmpfiles.
  /run is mounted noexec.  See example:

  $ sudo /run/cloud-init/tmp/dhclient -1 -v -lf /run/cloud-init/tmp/cloud-init-dhcp-bs6g4xkw/dhcp.leases -pf /run/cloud-init/tmp/cloud-init-dhcp-bs6g4xkw/dhclient.pid eth0 -sf /bin/true
  sudo: unable to execute /run/cloud-init/tmp/dhclient: Permission denied

  So, we need a tmp file in a place that allows execution.

  Related bugs:
   * bug 1709772: Enable ipv6 support on EC2
   * bug 1707222: usage of /tmp during boot is not safe may get files deleted.
   * bug 1717627: permission denied executing dhclient from /run

To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-init/+bug/1717627/+subscriptions

References

[Bug 1717627] [NEW] permission denied when executing dhclient in Ec2 datasource
From: Scott Moser, 2017-09-16