profiles: dhclient: allow setting task comm name

dhclient wants to set its thread names to functional names for introspection purposes. Eg. $ pstree -at 3395 dhclient ens3 ├─{isc-socket} ├─{isc-timer} └─{isc-worker0000} When denied this can result in dhclient breaking and failing to obtain IPv4 addresses. Fixes: https://bugs.launchpad.net/ubuntu/+source/isc-dhcp/+bug/1918410 Signed-off-by: John Johansen <john.johansen@canonical.com> Acked-by: Christian Boltz <apparmor@cboltz.de>
2025-08-22 01:57:43 +00:00 · 2021-03-29 15:34:43 -07:00 · 2021-03-29 15:34:43 -07:00 · c734839551
commit c734839551
parent c32c970d00
1 changed files with 5 additions and 0 deletions
--- a/profiles/apparmor/profiles/extras/sbin.dhclient
+++ b/profiles/apparmor/profiles/extras/sbin.dhclient
@ -48,6 +48,11 @@ profile dhclient /{usr/,}sbin/dhclient {
  @{PROC}/interrupts          r,
  @{PROC}/@{pid}/net/dev      r,
  @{PROC}/rtc                 r,
+
+  # dhcliet wants to update its threads with functional names
+  # see lp1918410
+  owner @{PROC}/@{pid}/task/[0-9]*/comm rw,
+
  # following rule shouldn't work, self is a symlink
  @{PROC}/self/status         r,
  /{usr/,}sbin/arp            mrix,