Todo #16291
closed
Relocate Kea control socket and lease database
Added by dylan mendez 3 months ago.
Updated about 1 month ago.
Plus Target Version:
25.11
Release Notes:
Force Exclusion
Description
25.11.a.20250628.0006 does the same.

2025-06-28 21:45:58.188712+00:00 kea-dhcp4 94685 ERROR [kea-dhcp4.dhcp4.0x11563ee68008] DHCP4_INIT_FAIL failed to initialize Kea server: configuration error using file '/usr/local/etc/kea/kea-dhcp4.conf': 'socket-name' is invalid: invalid path specified: '/var/run', supported path is '/var/run/kea'
2025-06-28 21:45:58.188516+00:00 kea-dhcp4 94685 ERROR [kea-dhcp4.dhcp4.0x11563ee68008] DHCP4_CONFIG_LOAD_FAIL configuration error using file: /usr/local/etc/kea/kea-dhcp4.conf, reason: 'socket-name' is invalid: invalid path specified: '/var/run', supported path is '/var/run/kea'
2025-06-28 21:45:58.188270+00:00 kea-dhcp4 94685 ERROR [kea-dhcp4.dhcp4.0x11563ee68008] DHCP4_PARSER_COMMIT_FAIL parser failed to commit changes: 'socket-name' is invalid: invalid path specified: '/var/run', supported path is '/var/run/kea'
2025-06-28 21:45:58.179343+00:00 kea-dhcp4 94685 WARN [kea-dhcp4.dhcp4.0x11563ee68008] DHCP4_RESERVATIONS_LOOKUP_FIRST_ENABLED Multi-threading is enabled and host reservations lookup is always performed first.
2025-06-28 21:45:58.179288+00:00 kea-dhcp4 94685 WARN [kea-dhcp4.dhcpsrv.0x11563ee68008] DHCPSRV_MT_DISABLED_QUEUE_CONTROL disabling dhcp queue control when multi-threading is enabled.
- Status changed from New to Confirmed
Tested on
25.11-DEVELOPMENT (amd64)
built on Sat Jun 28 0:06:00 UTC 2025
FreeBSD 15.0-CURRENT
I'm seeing the same issue.
It seems to be a change in the new release of Kea. https://gitlab.isc.org/isc-projects/kea/-/wikis/Release-Notes/release-notes-2.6.3
Particularly
7. Security: Sockets: To prevent unauthorized access and potential denial of service, sockets can no longer be created in a world-writable directory, such as /tmp. Sockets must now be created in the more restricted [kea-install-dir]/var/run/kea. This change addresses CVE-2025-32802 [#3831 (closed), #3840 (closed)].
- Priority changed from Normal to High
Changing priority as this can break stuff, even though it's development internal. Feel free to move back to Normal if I'm overreacting.
As per CCope, this is caused by this:
Security: Sockets: To prevent unauthorized access and potential denial of service, sockets can no longer be created in a world-writable directory, such as /tmp. Sockets must now be created in the more restricted [kea-install-dir]/var/run/kea. This change addresses CVE-2025-32802 [#3831 (closed), #3840 (closed)].
- Assignee set to Christian McDonald
I've got it, this is trivial to fix.
- Subject changed from 25.11.a.20250627.1429 breaks Kea service. to Relocate Kea control socket from /var/run to /var/run/kea
- Status changed from Confirmed to Feedback
- Target version set to 2.9.0
- Plus Target Version set to 25.11
- Release Notes changed from Default to Force Exclusion
- Private changed from Yes to No
- % Done changed from 0 to 100
- Status changed from Feedback to Confirmed
Kea still does not start - it's now complaining about permissions.
- Tracker changed from Bug to Todo
- % Done changed from 100 to 0
- Subject changed from Relocate Kea control socket from /var/run to /var/run/kea to Relocate Kea control socket and lease database
It's working in the latest development version.

- Status changed from Confirmed to Feedback
- Status changed from Feedback to Closed
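An added example, not part of the original ticket and not pfSense or Kea code: a preflight check for the restriction quoted above. It reports any `socket-name` whose directory is not the supported path from the error message and flags the socket directory if it is world-writable. Assumptions: the config file is plain JSON without comments, the sample configs and the socket file name are constructed, and the function names are illustrative.

```python
import json
import os
import stat

REQUIRED_DIR = "/var/run/kea"  # "supported path" from the DHCP4_INIT_FAIL message

def socket_names(node):
    """Yield every 'socket-name' string anywhere in the parsed config."""
    if isinstance(node, dict):
        for key, value in node.items():
            if key == "socket-name" and isinstance(value, str):
                yield value
            else:
                yield from socket_names(value)
    elif isinstance(node, list):
        for item in node:
            yield from socket_names(item)

def audit(config_text, required_dir=REQUIRED_DIR):
    """Return a list of findings; an empty list means the checks passed."""
    required = os.path.normpath(required_dir)
    findings = []
    for name in socket_names(json.loads(config_text)):
        # A bare file name has no directory part and is reported as well.
        parent = os.path.normpath(os.path.dirname(name))
        if parent != required:
            findings.append(f"socket-name {name!r}: path {parent!r} is not {required!r}")
    # The socket directory itself must not be writable by "other" (as /tmp is).
    if not os.path.isdir(required):
        findings.append(f"{required!r} does not exist or is not a directory")
    elif os.stat(required).st_mode & stat.S_IWOTH:
        findings.append(f"{required!r} is world-writable")
    return findings

# Constructed sample configs (not taken from a real system).
OLD_CONF = ('{"Dhcp4": {"control-socket": {"socket-type": "unix", '
            '"socket-name": "/var/run/kea4-ctrl-socket"}}}')
NEW_CONF = ('{"Dhcp4": {"control-socket": {"socket-type": "unix", '
            '"socket-name": "/var/run/kea/kea4-ctrl-socket"}}}')

if __name__ == "__main__":
    for label, conf in (("old", OLD_CONF), ("new", NEW_CONF)):
        print(label, audit(conf) or "ok")
```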