** Description changed: + + [Impact] + AppArmor denials appear in dhclient when using using HWE kernel on 14.04. This can result in incorrect dhcp operation on client systems. + + [Test Case] + Install HWE kernel and use network manager to obtain an IP address. + + [Regression Potential] + Extremely low since the update only adds access that dhclient didn't have. + + + Original description: + Hallo, on Kubuntu 14.04.x dmesg shows me the following apparmor messages; Is this normal or is this a security issue together with network- manager? [ 16.171766] audit: type=1400 audit(1422595680.679:68): apparmor="DENIED" operation="file_inherit" profile="/usr/lib/NetworkManager/nm-dhcp-client.action" pid=2229 comm="nm-dhcp-client." lport=10320 family="inet" sock_type="dgram" protocol=17 [ 16.171772] audit: type=1400 audit(1422595680.679:69): apparmor="DENIED" operation="file_inherit" profile="/usr/lib/NetworkManager/nm-dhcp-client.action" pid=2229 comm="nm-dhcp-client." lport=21985 family="inet6" sock_type="dgram" protocol=17 [ 16.199936] audit: type=1400 audit(1422595680.707:70): apparmor="DENIED" operation="file_inherit" profile="/usr/lib/NetworkManager/nm-dhcp-client.action" pid=2246 comm="nm-dhcp-client." lport=10320 family="inet" sock_type="dgram" protocol=17 [ 16.199943] audit: type=1400 audit(1422595680.707:71): apparmor="DENIED" operation="file_inherit" profile="/usr/lib/NetworkManager/nm-dhcp-client.action" pid=2246 comm="nm-dhcp-client." lport=21985 family="inet6" sock_type="dgram" protocol=17 [ 16.201369] audit: type=1400 audit(1422595680.707:72): apparmor="DENIED" operation="file_inherit" profile="/usr/lib/NetworkManager/nm-dhcp-client.action" pid=2248 comm="nm-dhcp-client." lport=10320 family="inet" sock_type="dgram" protocol=17 [ 16.201379] audit: type=1400 audit(1422595680.707:73): apparmor="DENIED" operation="file_inherit" profile="/usr/lib/NetworkManager/nm-dhcp-client.action" pid=2248 comm="nm-dhcp-client." lport=21985 family="inet6" sock_type="dgram" protocol=17 [ 17.206342] audit: type=1400 audit(1422595681.711:74): apparmor="DENIED" operation="file_inherit" profile="/usr/lib/NetworkManager/nm-dhcp-client.action" pid=2468 comm="nm-dhcp-client." lport=10320 family="inet" sock_type="dgram" protocol=17 [ 17.206349] audit: type=1400 audit(1422595681.711:75): apparmor="DENIED" operation="file_inherit" profile="/usr/lib/NetworkManager/nm-dhcp-client.action" pid=2468 comm="nm-dhcp-client." lport=21985 family="inet6" sock_type="dgram" protocol=17 When I logon to KDE, KDE hangs sometimes for 3sec at the login-process , when there is no internet connection (DSL modem did not dial-in yet). Thanks for your help! Best regards, Bernhard
** Patch added: "isc-dhcp_4.2.4-7ubuntu12.1.debdiff" https://bugs.launchpad.net/ubuntu/+source/isc-dhcp/+bug/1417658/+attachment/4361241/+files/isc-dhcp_4.2.4-7ubuntu12.1.debdiff ** Changed in: isc-dhcp (Ubuntu Trusty) Status: Triaged => In Progress ** Description changed: + [Impact] + AppArmor denials appear in dhclient when using using HWE kernel on 14.04. This can result in incorrect dhcp operation on client systems. The fix is to add these rules: + network inet dgram, + network inet6 dgram, - [Impact] - AppArmor denials appear in dhclient when using using HWE kernel on 14.04. This can result in incorrect dhcp operation on client systems. + to the dhclient profile for nm-dhcp-client.action and dhclient-script, + like we did in 4.2.4-7ubuntu14. [Test Case] Install HWE kernel and use network manager to obtain an IP address. [Regression Potential] Extremely low since the update only adds access that dhclient didn't have. - Original description: Hallo, on Kubuntu 14.04.x dmesg shows me the following apparmor messages; Is this normal or is this a security issue together with network- manager? [ 16.171766] audit: type=1400 audit(1422595680.679:68): apparmor="DENIED" operation="file_inherit" profile="/usr/lib/NetworkManager/nm-dhcp-client.action" pid=2229 comm="nm-dhcp-client." lport=10320 family="inet" sock_type="dgram" protocol=17 [ 16.171772] audit: type=1400 audit(1422595680.679:69): apparmor="DENIED" operation="file_inherit" profile="/usr/lib/NetworkManager/nm-dhcp-client.action" pid=2229 comm="nm-dhcp-client." lport=21985 family="inet6" sock_type="dgram" protocol=17 [ 16.199936] audit: type=1400 audit(1422595680.707:70): apparmor="DENIED" operation="file_inherit" profile="/usr/lib/NetworkManager/nm-dhcp-client.action" pid=2246 comm="nm-dhcp-client." lport=10320 family="inet" sock_type="dgram" protocol=17 [ 16.199943] audit: type=1400 audit(1422595680.707:71): apparmor="DENIED" operation="file_inherit" profile="/usr/lib/NetworkManager/nm-dhcp-client.action" pid=2246 comm="nm-dhcp-client." lport=21985 family="inet6" sock_type="dgram" protocol=17 [ 16.201369] audit: type=1400 audit(1422595680.707:72): apparmor="DENIED" operation="file_inherit" profile="/usr/lib/NetworkManager/nm-dhcp-client.action" pid=2248 comm="nm-dhcp-client." lport=10320 family="inet" sock_type="dgram" protocol=17 [ 16.201379] audit: type=1400 audit(1422595680.707:73): apparmor="DENIED" operation="file_inherit" profile="/usr/lib/NetworkManager/nm-dhcp-client.action" pid=2248 comm="nm-dhcp-client." lport=21985 family="inet6" sock_type="dgram" protocol=17 [ 17.206342] audit: type=1400 audit(1422595681.711:74): apparmor="DENIED" operation="file_inherit" profile="/usr/lib/NetworkManager/nm-dhcp-client.action" pid=2468 comm="nm-dhcp-client." lport=10320 family="inet" sock_type="dgram" protocol=17 [ 17.206349] audit: type=1400 audit(1422595681.711:75): apparmor="DENIED" operation="file_inherit" profile="/usr/lib/NetworkManager/nm-dhcp-client.action" pid=2468 comm="nm-dhcp-client." lport=21985 family="inet6" sock_type="dgram" protocol=17 When I logon to KDE, KDE hangs sometimes for 3sec at the login-process , when there is no internet connection (DSL modem did not dial-in yet). Thanks for your help! Best regards, Bernhard -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1417658 Title: apparmor denied operation file_inherit from networkmanager when using HWE kernel To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/isc-dhcp/+bug/1417658/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
