Ubuntu
dhcp3 package

AppArmor profile for sbin.dhclient3 should handle connman

Bug #333711 reported by Mark Shuttleworth on 2009-02-24

6

Affects		Status	Importance	Assigned to	Milestone
	Connection Manager	Fix Released	Medium	moblin-bugzilla #1009
	connman (Ubuntu)	Won't Fix	Undecided	Unassigned
	dhcp3 (Ubuntu)	Fix Released	Undecided	Jamie Strandboge

Bug Description

Connection manager ("connman") runs /sbin/dhclient using some specific actions and stores leases in different locations to NetworkManager. The new sbin.dhclient3 AppArmor profile prevents connman from acquiring an IP address and storing the lease, I include a patch to the profile which addresses that.

I'm not sure whether AppArmor configurations can extend one another. If so, it may be better to extend the dhclient profiles (/sbin/dhclient3, /sbin/dhclient-script, /usr/lib/connman/scripts/dhclient-script) in a separate apparmor.d file added by the connman package. For the moment this patch just extends the profile added by the dhcp3-client package.

Related branches

lp:ubuntu/karmic/dhcp3

Revision history for this message

Mark Shuttleworth (sabdfl) wrote on 2009-02-24:

#1

Amends the apparmor profile to allow for connman's pattern of usage of dhclient Edit (1.0 KiB, text/plain)

Bug Watch Updater (bug-watch-updater) on 2009-02-24

Changed in connman:
status:	Unknown → Confirmed

Revision history for this message

Jamie Strandboge (jdstrand) wrote on 2009-02-24:

#2

At this time, there is not currently a way to extend a profile in this manner, as the calling program's (in this case /sbin/dhclient3) profile must know about the called program. Since the called program's (/usr/lib/connman/scripts/dhclient-script) profile has basically just the path to the called program, we may as well keep the profile in the dhclient3 profile. If connman's dhclient-script profile gets significantly more complicated, we should reconsider moving it to connman itself.

Thanks for the patch Mark. This should be uploaded shortly.

Changed in dhcp3:
assignee:	nobody → jdstrand
status:	New → In Progress

Revision history for this message

Jamie Strandboge (jdstrand) wrote on 2009-02-24:

#3

Marking connman task as "Won't Fix" for the above stated reasons.

Changed in connman:
status:	New → Won't Fix

Revision history for this message

Jamie Strandboge (jdstrand) wrote on 2009-02-24:

#4

I tried to test the patch but I apparently don't have hardware that works with connman. The patch looks good though, so I uploaded it.

Changed in dhcp3:
status:	In Progress → Fix Committed

Revision history for this message

Launchpad Janitor (janitor) wrote on 2009-02-24:

#5

This bug was fixed in the package dhcp3 - 3.1.1-5ubuntu6

---------------
dhcp3 (3.1.1-5ubuntu6) jaunty; urgency=low

* debian/apparmor-profile.dhclient3: adjust to support connman. Patch
thanks to Mark Shuttleworth. (LP: #333711)

-- Jamie Strandboge <email address hidden> Tue, 24 Feb 2009 08:47:29 -0600

Changed in dhcp3:
status:	Fix Committed → Fix Released

Bug Watch Updater (bug-watch-updater) on 2009-03-04

Changed in connman:
status:	Confirmed → Fix Released

Bug Watch Updater (bug-watch-updater) on 2011-02-04

Changed in connman:
importance:	Unknown → Medium

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Patches

Amends the apparmor profile to allow for connman's pattern of usage of dhclient Edit

Add patch

Remote bug watches

moblin-bugzilla #1009
[VERIFIED FIXED] Edit

Bug watches keep track of this bug in other bug trackers.