1. Forum
  2. Usenet
  3. LINUX.DEBIAN.BUGS.RC

  • Bug#1055067: isc-dhcp-client: network-manager 1.44.2-3 changed path to

    From Santiago Ruano =?UTF-8?Q?Rinc=C3=B3@21:1/5 to All on Fri Feb 23 23:00:01 2024
    El 30/10/23 a las 18:29, Sven-Haegar Koch escribió:
    Package: isc-dhcp-client
    Version: 4.4.3-P1-4
    Severity: normal

    Dear Maintainer,

    I am using network manager with /etc/NetworkManager/NetworkManager.conf

    [main]
    dhcp=dhclient

    and thus using isc-dhcp-client as my DHCP client.

    With the update of network-manager 1.44.2-3 the nm-dhcp-helper moved
    from /usr/lib/NetworkManager/ to /usr/libexec/.

    Without a fix to /etc/apparmor.d/sbin.dhclient the system now fails to activate interfaces using DHCP, logging

    audit: type=1400 audit(1698680734.539:50): apparmor="DENIED" operation="exec" class="file" profile="/{,usr/}sbin/dhclient" name="/usr/libexec/nm-dhcp-helper" pid=7523 comm="dhclient" requested_mask="x" denied_mask="x" fsuid=0 ouid=0

    The following diff fixes it for me - just duplicating the existing
    rules to the new path:

    diff --git a/etc/apparmor.d/sbin.dhclient b/etc/apparmor.d/sbin.dhclient index 1acc6b92..b219d688 100644
    --- a/etc/apparmor.d/sbin.dhclient
    +++ b/etc/apparmor.d/sbin.dhclient
    @@ -69,6 +69,8 @@
    # Support the new executable helper from NetworkManager.
    /usr/lib/NetworkManager/nm-dhcp-helper Pxrm,
    signal (receive) peer=/usr/lib/NetworkManager/nm-dhcp-helper,
    + /usr/libexec/nm-dhcp-helper Pxrm,
    + signal (receive) peer=/usr/libexec/nm-dhcp-helper,

    # Site-specific additions and overrides. See local/README for details.
    #include <local/sbin.dhclient>
    @@ -101,6 +103,21 @@
    network inet6 dgram,
    }

    +/usr/libexec/nm-dhcp-helper {
    + #include <abstractions/base>
    + #include <abstractions/dbus>
    + /usr/libexec/nm-dhcp-helper mr,
    +
    + /run/NetworkManager/private-dhcp rw,
    + signal (send) peer=/sbin/dhclient,
    +
    + /var/lib/NetworkManager/*lease r,
    + signal (receive) peer=/usr/sbin/NetworkManager,
    + ptrace (readby) peer=/usr/sbin/NetworkManager,
    + network inet dgram,
    + network inet6 dgram,
    +}
    +
    /usr/lib/connman/scripts/dhclient-script {
    #include <abstractions/base>
    #include <abstractions/dbus>


    Greetings,
    Sven

    Hi!

    Really sorry, this has fallen through the cracks.

    Could you please confirm the version available in this repo fixes the
    issue:

    https://debian.pages.debian.net/-/isc-dhcp/-/jobs/5350735/artifacts/aptly/index.html

    Cheers,

    -- Santiago

    -----BEGIN PGP SIGNATURE-----

    iHUEABYIAB0WIQRZVjztY8b+Ty43oH1itBCJKh26HQUCZdkUHgAKCRBitBCJKh26 HdlzAQCMcRKqpZVizBUB8gGR2ezDcyCRCQPGNg31D8e7SmnCZgD7Bpw+PdjuP/mH QLmsmSM1gbfufNO6BS2i3YcbMac5UQE=
    =wEgQ
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Sven-Haegar Koch@21:1/5 to All on Mon Feb 26 00:40:02 2024
    This message is in MIME format. The first part should be readable text,
    while the remaining parts are likely unreadable without MIME-aware tools.

    On Fri, 23 Feb 2024, Santiago Ruano Rincón wrote:

    Really sorry, this has fallen through the cracks.

    Thanks - no problem, happens.

    Could you please confirm the version available in this repo fixes the
    issue:

    https://debian.pages.debian.net/-/isc-dhcp/-/jobs/5350735/artifacts/aptly/index.html

    It seems to work fine using 4.4.3-P1-6~1.gbpcd0ae3+salsaci+20240223+56,
    but I had to manually remove /etc/apparmor.d/sbin.dhclient and execute "systemctl restart apparmor" to really use your version - the package
    created a new /etc/apparmor.d/usr.sbin.dhclient, but left the old
    configfile around.

    While installing your test package I lost wifi connection, but I think
    that was not from your package but from updating network-manager from
    unstable at the same time (did dist-upgrade), which always breaks my
    network.

    c'ya
    sven-haegar

    --
    Three may keep a secret, if two of them are dead.
    - Ben F.

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Vincent Lefevre@21:1/5 to Sven-Haegar Koch on Mon Feb 26 03:30:01 2024
    On 2024-02-26 00:22:01 +0100, Sven-Haegar Koch wrote:
    While installing your test package I lost wifi connection, but I think
    that was not from your package but from updating network-manager from unstable at the same time (did dist-upgrade), which always breaks my
    network.

    With the future stable upgrade, it would be very bad to lose the
    network connection (not just wifi is concerned) during the upgrade.
    I suppose that once the new isc-dhcp-client package is available, network-manager should break the old versions (something like that...
    I don't know whether this is sufficient).

    --
    Vincent Lefèvre <vincent@vinc17.net> - Web: <https://www.vinc17.net/>
    100% accessible validated (X)HTML - Blog: <https://www.vinc17.net/blog/>
    Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)