Package: isc-dhcp-server
Version: 4.4.3-P1-1.1
Severity: normal

Dear Maintainer,

After upgrading from version 4.4.3-P1-1 to 4.4.3-P1-1.1 the added apparmor
configurations block the include of files outside /etc/dhcp/, like DDNS TSIG
key definitions that are usually installed under /etc/bind.

I can understand avoiding reading files everywhere, but the use of TSIG keys
defined by bind is quite a common usage, which stops working with a misleading
permission denied error for readable files.

This breaks previously working configurations, without a note in the changelog.

-- System Information:
Debian Release: bookworm/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 6.0.0-6-amd64 (SMP w/1 CPU thread; PREEMPT)
Locale: LANG=it_IT.UTF-8, LC_CTYPE=it_IT.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages isc-dhcp-server depends on:
ii  debconf [debconf-2.0]      1.5.80
ii  debianutils                5.7-0.4
ii  libc6                      2.36-7
ii  lsb-base                   11.5
ii  sysvinit-utils [lsb-base]  3.06-2

Versions of packages isc-dhcp-server recommends:
ii  isc-dhcp-common  4.4.3-P1-1.1
ii  policycoreutils  3.4-1

Versions of packages isc-dhcp-server suggests:
ii  ieee-data             20220827.1
pn  isc-dhcp-server-ldap  <none>
pn  policykit-1           <none>

-- Configuration Files:
/etc/dhcp/dhcpd.conf changed:
authoritative;
ddns-update-style standard;
option local-pac-server code 252 = text;
option local-pac-server "http://proxy.institute.lan:80/wpad.dat";
allow booting;
include "/etc/bind/bookworm.institute.lan.key";
zone institute.lan. {
  primary 127.0.0.1;
  key bookworm.institute.lan;
}
subnet 192.168.1.0 netmask 255.255.255.0 {
  range 192.168.1.10 192.168.1.100 ;
  option domain-name-servers 192.168.1.1;
  option domain-name "institute.lan";
  option routers 192.168.1.1;
  option ntp-servers 192.168.1.1;
  default-lease-time 86400;
  max-lease-time 172800;
  next-server 192.168.1.1;
}
zone 1.168.192.in-addr.arpa. {
  primary 127.0.0.1;
  key bookworm.institute.lan;
}
option architecture-type code 93 = unsigned integer 16;
class "pxeclients" {
  match if substring (option vendor-class-identifier, 0, 9) = "PXEClient";
  if option architecture-type = 00:00 {
    filename "/pxelinux.0";
  } elsif option architecture-type = 00:09 {
    filename "/efi/syslinux.efi";
  } elsif option architecture-type = 00:07 {
    filename "/efi/syslinux.efi";
  } elsif option architecture-type = 00:06 {
    filename "/efi/syslinux.efi";
  }
}
include "/etc/fuss-server/dhcp-reservations";
include "/etc/dhcp/dhcpd-added.conf";

-- debconf information:
  isc-dhcp-server/interfaces:
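
An added example, not part of the original report: a pre-upgrade check that lists the include paths in a dhcpd.conf falling outside /etc/dhcp/, the only location the report says the new AppArmor confinement still permits, and formats a candidate read rule for each. The allowed prefix is an assumption taken from the report rather than from the shipped profile, and the sample configuration and function names are constructed here.

```python
import posixpath
import re

# Constructed sample: the include lines from the report's dhcpd.conf, plus
# one commented-out include and one path that leaves /etc/dhcp/ via "..".
SAMPLE_CONF = '''\
authoritative;
include "/etc/bind/bookworm.institute.lan.key";
# include "/etc/bind/old.key";
include "/etc/dhcp/../bind/rndc.key";
include "/etc/fuss-server/dhcp-reservations";
include "/etc/dhcp/dhcpd-added.conf";
'''

# Assumption taken from the report: only reads under /etc/dhcp/ are permitted.
ALLOWED_PREFIXES = ("/etc/dhcp/",)
INCLUDE_RE = re.compile(r'\binclude\s+"([^"]+)"\s*;')

def strip_comments(text):
    """Drop '#' comments, leaving '#' inside double-quoted strings alone."""
    out = []
    for line in text.splitlines():
        in_quote = False
        for i, ch in enumerate(line):
            if ch == '"':
                in_quote = not in_quote
            elif ch == '#' and not in_quote:
                line = line[:i]
                break
        out.append(line)
    return "\n".join(out)

def blocked_includes(conf_text, allowed=ALLOWED_PREFIXES):
    """Return normalized include paths that fall outside the allowed prefixes."""
    blocked = []
    for raw in INCLUDE_RE.findall(strip_comments(conf_text)):
        # Collapse ".." lexically; symlinks are not resolved by this check.
        path = posixpath.normpath(raw)
        if not any(path.startswith(p) for p in allowed) and path not in blocked:
            blocked.append(path)
    return blocked

def apparmor_read_rules(paths):
    """Format one AppArmor read rule per path, for review before use."""
    return ["  {} r,".format(p) for p in paths]

if __name__ == "__main__":
    for rule in apparmor_read_rules(blocked_includes(SAMPLE_CONF)):
        print(rule)
```

Each printed rule grants read access to exactly one file, so the TSIG key can be allowed without opening all of /etc/bind to the daemon.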