Re: PD: problem configuring multiple interfaces after rebind
Roy Marples
Thu Mar 28 11:44:03 2019
Hi Timo
On 27/03/2019 23:14, Timo Sigurdsson wrote:
Is it possible that this issue may also have caused the dhcpcd-run-hooks script to be executed with wrong options or the wrong environment?
The reason I'm asking is this: between December and March I had a handful of cases (like 3 or 4 times) in which dhcpcd-run-hooks tried to execute the hook "20-resolv.conf" whereas my configuration has the following line in it:
nohook 20-resolv.conf, 30-hostname, 50-ntp.conf, 60-ntp-common.conf, 62-chrony.conf, 64-timesyncd.conf, 66-ntp.conf, 68-openntpd.conf
Usually this option is honored (I basically want the script to only execute my own prefix delegation hook and keep the option to run the 01-test and 02-dump hooks, if needed). But in some rare cases the nohook option seems to be ignored.
How do I know this? I have custom AppArmor profiles for both dhcpcd and the dhcpcd-run-hooks. Since I don't use the 20-resolv.conf hook, the profile does not grant access to /etc/resolv.conf. Hence, when the 20-resolv.conf hook is executed access to that file is denied and logged:
kernel: [ 11.664995] audit: type=1400 audit(1553210770.564:22): apparmor="DENIED" operation="open" profile="/lib/dhcpcd/dhcpcd-run-hooks" name="/etc/resolv.conf" pid=2060 comm="dhcpcd-run-hook" requested_mask="wc" denied_mask="wc" fsuid=0 ouid=0
There are a few more messages like the attempt to create a directory in /run/dhcpcd/ and so on.
Unfortunately, I haven't found a way to reproduce this. I suspect that it does happen when something is "wrong" with my interfaces. For example, the first time I noticed it was during a package upgrade which unfortunately triggered a restart of a lot of running services simultaneously, including dhcpcd as well as the networking service. So, dhcpcd was restarted while all network interfaces went down at the same time. Another case in which I could observe this was when my PPPoE connection was established, then dhcpcd was started and then the PPPoE connection was terminated again instantly (not by me but the remote peer). If I try to do the same thing manually however, like starting or restarting dhcpcd while stopping the PPPoE connection or while it is already disconnected, I cannot trigger the same behavior, so this is all still a mystery for me. I don't have the logs of these two cases anymore as they got rotated away, but when I looked at the logs after the incidents, I couldn't find anything odd being logged by dhcpcd. Only once I had a message saying something like "no valid interfaces found" when dhcpcd was started, but the access to resolv.conf was denied minutes later after the PPPoE connection came up and dhcpcd was restarted in the meantime, so I wouldn't assume this is really related. But who knows...
Anyway, I tried to remove the commas from my nohook option, but that didn't help. Eventually, I have worked around this issue for me by saving my prefix delegation hook as /etc/dhcpcd.enter-hook and exiting at the end of my hook to ensure nothing else is executed after that.
But if these commits by any chance would resolve that, it would be a nice side effect.
I find it unlikely that my changes would have fixed the very odd issues
listed here!
As part of 20-resolv.conf, it will try and create storage for the file
in the rundir (should be /var/run/dhcpcd on BSD by default) if
resolvconf(8) is not found so that does make sense.
As to why the hook is being ignored I have no idea.
You would try adding debug at the top of the hook to dump env to a log
file which might give a clue as to why it's being executed when your
config asks for it not to be.
Roy
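
The AppArmor denials quoted in this thread can be pulled out of the kernel log and given wall-clock times, so that each unexpected hook run can be lined up against dhcpcd restarts and link events. This is an added example, not part of the original messages or of dhcpcd; the first sample line is the one quoted above, the other two (paths, pids, the second profile name) are constructed.

```python
import re
from datetime import datetime, timezone

# Sample input: line 1 is the denial quoted in the thread; lines 2-3 are constructed.
SAMPLE_LOG = '''\
kernel: [ 11.664995] audit: type=1400 audit(1553210770.564:22): apparmor="DENIED" operation="open" profile="/lib/dhcpcd/dhcpcd-run-hooks" name="/etc/resolv.conf" pid=2060 comm="dhcpcd-run-hook" requested_mask="wc" denied_mask="wc" fsuid=0 ouid=0
kernel: [ 11.665102] audit: type=1400 audit(1553210770.565:23): apparmor="DENIED" operation="mkdir" profile="/lib/dhcpcd/dhcpcd-run-hooks" name="/run/dhcpcd/constructed-dir/" pid=2060 comm="mkdir" requested_mask="c" denied_mask="c" fsuid=0 ouid=0
kernel: [ 12.000000] audit: type=1400 audit(1553210771.000:24): apparmor="DENIED" operation="open" profile="/usr/sbin/constructed-daemon" name="/etc/hosts" pid=2100 comm="constructed" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
'''

AUDIT_RE = re.compile(r'audit\((\d+)\.(\d+):(\d+)\)')   # epoch seconds, millis, serial
FIELD_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')     # key="quoted" or key=bare

def parse_denials(text, profile="/lib/dhcpcd/dhcpcd-run-hooks"):
    """Return AppArmor DENIED events for one profile, with UTC timestamps."""
    events = []
    for line in text.splitlines():
        stamp = AUDIT_RE.search(line)
        if not stamp:
            continue  # not an audit record
        fields = {k: q if q else u
                  for k, q, u in FIELD_RE.findall(line[stamp.end():])}
        if fields.get("apparmor") != "DENIED" or fields.get("profile") != profile:
            continue
        secs, millis, serial = (int(g) for g in stamp.groups())
        when = datetime.fromtimestamp(secs, tz=timezone.utc)
        when = when.replace(microsecond=millis * 1000)
        events.append({
            "time_utc": when.isoformat(timespec="milliseconds"),
            "serial": serial,
            "pid": int(fields["pid"]),
            "operation": fields["operation"],
            "path": fields["name"],
            "denied_mask": fields["denied_mask"],
        })
    return events

def paths_by_pid(events):
    """Group denied operations per process, i.e. per run of the hook script."""
    grouped = {}
    for ev in events:
        grouped.setdefault(ev["pid"], []).append((ev["operation"], ev["path"]))
    return grouped

if __name__ == "__main__":
    for ev in parse_denials(SAMPLE_LOG):
        print(ev["time_utc"], ev["pid"], ev["operation"], ev["path"], ev["denied_mask"])
```
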