Ubuntu
isc-dhcp package

isc-dhcp-server doesn't work in ipv6 mode

Bug #787212 reported by garo
20
This bug affects 2 people
Affects Status Importance Assigned to Milestone
isc-dhcp (Ubuntu)
Fix Released
Medium
Brian Murray
Natty
Won't Fix
Medium
Brian Murray

Bug Description

Binary package hint: isc-dhcp-server

(isc-dhcp-server 4.1.1-P1-15ubuntu9 on Ubuntu server 11.04)
It's impossible to run dhcpd with the -6 flag with the current apparmor config in the isc-dhcp-server package. I added a patch that fixes this problem, apply with "cd / ; patch -p1 < dhcpv6support.patch".

TEST CASE:
1) Copy /etc/init.d/isc-dhcp-server to /etc/init.d/isc-dhcp-server6
2) Copy /etc/dhcp/dhcpd.conf to /etc/dhcp/dhcpd6.conf
3) Apply the patch from http://paste.ubuntu.com/706208/ to isc-dhcp-server6
4) Run: update-rc.d isc-dhcp-server6 defaults
5) Edit /etc/dhcp/dhcpd6.conf to look like:
---
authoritative;
option dhcp6.name-servers 2001:470:20::2;
option dhcp6.domain-search "ubuntu.com", "stgraber.net";

# testv6-dhcpv6
subnet6 2001:470:8cc0:9002::/64 {
    range6 2001:470:8cc0:9002::128 2001:470:8cc0:9002::254;
}
---
6) create an ipv6 address on the same network 'ip -6 addr add 2001:470:8cc0:9002:127/64 dev eth0'
7) /etc/init.d/isc-dhcp-server6 start

This will fail with isc-dhcp-server version 4.1.1-P1-15ubuntu9.1 installed and apparmor.
You will see something like the following in syslog - apparmor="DENIED" .. profile="/usr/sbin/dhcpd"

With the -proposed version isc-dhcp-server and isc-dhcp-common step 6 will start okay.

See original description

Related branches

lp:~brian-murray/ubuntu/oneiric/isc-dhcp/fix-for-787212
Dave Walker (community): Approve
Ubuntu branches: Pending requested
Diff: 62 lines (+15/-7)
2 files modified
debian/apparmor-profile.dhcpd (+8/-7)
debian/changelog (+7/-0)
lp:ubuntu/oneiric/isc-dhcp
lp:ubuntu/natty-proposed/isc-dhcp
Revision history for this message
garo (nikolas) wrote :
Revision history for this message
garo (nikolas) wrote :

I also added a second file that can be placed in /etc/init.d/ as 2nd init script to launch the server in v6 mode (if you run "diff /etc/init.d/isc-dhcp*-server" you will see that it's very similar to the init script to launch the server in regular dhcp mode.

This init-file is only optional, it is not needed to fix the bug. (but it would be nice to include it even if you don't place it in any runlevels)

A default /etc/dhcp/dhcpd6.conf is maybe also a good idea (also not needed to fix the bug).

Brian Murray (brian-murray)
tags: added: patch
Brian Murray (brian-murray)
Changed in isc-dhcp (Ubuntu):
status: New → In Progress
importance: Undecided → Medium
assignee: nobody → Brian Murray (brian-murray)
Brian Murray (brian-murray)
tags: added: ipv6
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package isc-dhcp - 4.1.1-P1-17ubuntu2

---------------
isc-dhcp (4.1.1-P1-17ubuntu2) oneiric; urgency=low

  * debian/apparmor-profile.dhcpd: modify AppArmor profile for DHCP server to
    work with IPv6 thanks to Launchpad user nikolas for the patch. LP: #787212
 -- Brian Murray <email address hidden> Fri, 03 Jun 2011 13:55:44 -0700

Changed in isc-dhcp (Ubuntu):
status: In Progress → Fix Released
Revision history for this message
Guy Taylor (thebiggerguy) wrote :

Would it be sensible to backport this to natty? I hand edited the patch into a natty server and it worked.

Brian Murray (brian-murray)
Changed in isc-dhcp (Ubuntu Natty):
status: New → In Progress
assignee: nobody → Brian Murray (brian-murray)
importance: Undecided → Medium
Revision history for this message
Brian Murray (brian-murray) wrote :

I've created a debdiff for Natty (attached) that includes the patch from Oneiric. However, I'm not quite certain how to test it. Guy - could you add a test case to the bug description? Thanks in advance.

Revision history for this message
Stéphane Graber (stgraber) wrote :

Here's how to test it:
 - Copy /etc/init.d/isc-dhcp-server to /etc/init.d/isc-dhcp-server6
 - Apply the patch from http://paste.ubuntu.com/706208/ to isc-dhcp-server6
 - Run: update-rc.d isc-dhcp-server6 defaults
 - Edit /etc/dhcp/dhcpd6.conf to look like:
---
authoritative;
option dhcp6.name-servers 2001:470:20::2;
option dhcp6.domain-search "ubuntu.com", "stgraber.net";

# testv6-dhcpv6
subnet6 2001:470:8cc0:9002::/64 {
    range6 2001:470:8cc0:9002::128 2001:470:8cc0:9002::254;
}
---
 - /etc/init.d/isc-dhcp-server6 start

Brian Murray (brian-murray)
description: updated
Brian Murray (brian-murray)
description: updated
Revision history for this message
Martin Pitt (pitti) wrote : Please test proposed package

Hello garo, or anyone else affected,

Accepted isc-dhcp into natty-proposed, the package will build now and be available in a few hours. Please test and give feedback here. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you in advance!

Changed in isc-dhcp (Ubuntu Natty):
status: In Progress → Fix Committed
tags: added: verification-needed
Brian Murray (brian-murray)
Changed in isc-dhcp (Ubuntu Natty):
status: Fix Committed → Won't Fix
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Duplicates of this bug

Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.