On Wednesday, March 08, 2023 20:15 CET, Andreas Hasenack
<[email protected]> wrote:
> I see you are not using the systemd unit, so I suspect you are running kea
> as root directly, instead of as the unprivileged `_kea` user, and you are
> probably tripping over the "owner" flag of the apparmor rules.
Thanks for the hint... (\me buys some big brown paperbag...)
It is working now with the following patch to /etc/init.d/kea-dhcp4-server.
Regards
Benedikt Spranger
--- /etc/init.d/kea-dhcp4-server.orig 2023-03-08 22:00:35.249600025 +0100
+++ /etc/init.d/kea-dhcp4-server 2023-03-08 22:12:11.803979999 +0100
@@ -16,7 +16,7 @@
# PATH should only include /usr/* if it runs after the mountnfs.sh script
PATH=/sbin:/usr/sbin:/bin:/usr/bin
DESC="kea-dhcp4"
-NAME=kea-dhcp4-server
+NAME=kea-dhcp4
DAEMON=/usr/sbin/kea-dhcp4
DAEMON_ARGS="-c /etc/kea/kea-dhcp4.conf"
PIDFILE=/run/$NAME.pid
@@ -24,6 +24,7 @@
KEA_PIDFILE_DIR=/run/
KEA_LOCKFILE_DIR=/run/lock/kea/
KEA_LOGGER_DESTINATION=/var/log/kea/
+KEA_USER=_kea
# Exit if the package is not installed
[ -x "$DAEMON" ] || exit 0
@@ -52,13 +53,14 @@
do_start()
{
create_lockfile_dir
+ export KEA_LOCKFILE_DIR
# Return
# 0 if daemon has been started
# 1 if daemon was already running
# 2 if daemon could not be started
- start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON
--test > /dev/null \
+ start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON -u
$KEA_USER --test > /dev/null \
|| return 1
- start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON -b
-- \
+ start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON -c
$KEA_USER -b -- \
$DAEMON_ARGS \
|| return 2
}
