[Bug 692428] New: AppArmor usr.sbin.dhcpd needs modification (one solution supplied)

https://bugzilla.novell.com/show_bug.cgi?id=692428 https://bugzilla.novell.com/show_bug.cgi?id=692428#c0 Summary: AppArmor usr.sbin.dhcpd needs modification (one solution supplied) Classification: openSUSE Product: openSUSE 11.4 Version: Final Platform: x86-64 OS/Version: openSUSE 11.4 Status: NEW Severity: Normal Priority: P5 - None Component: AppArmor AssignedTo: jeffm@novell.com ReportedBy: suseforum@roocomputing.co.uk QAContact: qa@suse.de Found By: --- Blocker: --- User-Agent: Opera/9.80 (X11; Linux x86_64; U; en-GB) Presto/2.8.131 Version/11.10 FYI ** I was getting multiple dhcpd errors. I copied: /etc/apparmour/profiles/extras/usr.sbin.dhcpd to /etc/apparmour.d/ because it was missing then changed it as follows: OLD --> NEW --- /etc/apparmor/profiles/extras/usr.sbin.dhcpd 2011-02-23 11:49:51.000000000 +0000 +++ /etc/apparmor.d/usr.sbin.dhcpd 2011-05-07 09:54:30.000000000 +0100 @@ -1,33 +1,39 @@ # $Id$ # ------------------------------------------------------------------ # # Copyright (C) 2002-2005 Novell/SUSE # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public # License published by the Free Software Foundation. # # ------------------------------------------------------------------ #include /usr/sbin/dhcpd { #include #include capability dac_override, capability net_bind_service, capability net_raw, capability setgid, capability setuid, capability sys_chroot, + network inet raw, + network packet raw, + /db/dhcpd.leases* lrw, /etc/dhcpd.conf r, /etc/hosts.allow r, /etc/hosts.deny r, /usr/sbin/dhcpd rmix, - /var/lib/dhcp/dhcpd.leases* rwl, + /var/lib/dhcp/db/dhcpd.leases* rwl, /var/lib/dhcp/etc/dhcpd.conf r, /var/run/dhcpd.pid wl, + /etc/named.d/*tsig r, + + @{PROC}/[0-9]*/net/dev r, } Hope this helps. Reproducible: Always Steps to Reproduce: 1.Use /etc/apparmour/profiles/extras/usr.sbin.dhcpd supplied with 11.4 2.rcapparmor restart 3.rcdhcpd restart 4.tail /var/log/audit/audit.log 5.tail /var/log/messages Actual Results: **Note these errors were incrementally displayed over a number of iterations as I went through the dhcpd config and fixed each error in turn *** dhcpd: Can't create PID file /var/run/dhcpd.pid: Permission denied. dhcpd: Can't open /etc/named.d//roo_tsig: Permission denied dhcpd: unable to create icmp socket: Permission denied dhcpd: Can't open lease database /var/lib/dhcp/db/dhcpd.leases: Permission denied -- dhcpd: Error opening '/proc/net/dev' to list interfaces dhcpd: Can't get list of interfaces. dhcpd: Open a socket for LPF: Permission denied Expected Results: No errors in /var/log/messages Note that the /etc/named.d/*tsig r, line is from my personal dhcpd <--> named setup so a generic solution would have to be tied back to the key generating activity in YAST: YAST > Network Services > DNS Server > TSIG Keys -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.