← Back to team overview

kernel-packages team mailing list archive

[Bug 1244157] Re: [3.11.0-12.18 regression] "Failed name lookup - disconnected path" in dhclient D-BUS access

 

>From discussion with Jamie: Changing /etc/apparmor.d/sbin.dhclient to

   /usr/lib/NetworkManager/nm-dhcp-client.action
flags=(attach_disconnected) {

does the trick. Apparently this happens because the NM tests unshare the
file system namespace.

They do this because they mount tmpfses over /run/NetworkManager,
/etc/NetworkManager and similar, so that they don't destroy the real
files on the production system.

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1244157

Title:
  [3.11.0-12.18 regression] "Failed name lookup - disconnected path" in
  dhclient D-BUS access

Status in “apparmor” package in Ubuntu:
  New
Status in “linux” package in Ubuntu:
  Confirmed

Bug description:
  On October 9 the NetworkManager tests started failing
  (https://jenkins.qa.ubuntu.com/view/Saucy/view/AutoPkgTest/job/saucy-
  adt-network-manager/?). Unfortunately the more recent saucy logs got
  lost, but the trusty ones have the information, like in

    https://jenkins.qa.ubuntu.com/view/Trusty/view/AutoPkgTest/job
  /trusty-adt-network-manager/1/ARCH=i386,label=adt/

  In these, dhclient that gets called through NetworkManager and
  /usr/lib/NetworkManager/nm-dhcp-client.action cannot access the system
  D-BUS any more:

  ----------- NM log ------------
  NetworkManager[24451]: <info> Activation (eth42) Stage 3 of 5 (IP Configure Start) complete.
  Internet Systems Consortium DHCP Client 4.2.4
  Copyright 2004-2012 Internet Systems Consortium.
  All rights reserved.
  For info, please visit https://www.isc.org/software/dhcp/

  Error: could not get the system bus.  Make sure the message bus daemon is running!  Message: (org.freedesktop.D
  Bus.Error.AccessDenied) Failed to connect to socket /var/run/dbus/system_bus_socket: Permission denied
  ----------- NM log ------------

  In syslog, you see this at that time:

  ------------ syslog ---------
  Oct 21 14:11:24 autopkgtest kernel: [  288.320754] type=1400 audit(1382364684.505:21): apparmor="DENIED"  operation="connect" info="Failed name lookup - disconnected path" error=-13 parent=18759 profile="/usr/lib/NetworkManager/nm-dhcp-client.action" name="run/dbus/system_bus_socket" pid=18760 comm="nm-dhcp-client." requested_mask="rw" denied_mask="rw" fsuid=0 ouid=0
  Oct 21 14:11:24 autopkgtest kernel: [  288.333814] type=1400 audit(1382364684.517:22): apparmor="DENIED" operation="sendmsg" info="Failed name lookup - disconnected path" error=-13 parent=18752 profile="/sbin/dhclient" name="dev/log" pid=18759 comm="dhclient" requested_mask="w" denied_mask="w" fsuid=0 ouid=0
  ------------ syslog ---------

  This gets fixed if I do "sudo /etc/init.d/apparmor teardown". But it
  does not seem to be a problem with the policy itself; if I do "sudo
  aa-complain dhclient" then dmesg changes to

  [ 8054.314704] type=1400 audit(1382609088.727:672): apparmor="ALLOWED" operation="sendmsg" info="Failed name lookup - disconnected path" error=-13 parent=24451 profile="/sbin/dhclient" name="dev/log" pid=24736 comm="dhclient" requested_mask="w" denied_mask="w" fsuid=0 ouid=0
  [ 8054.341409] type=1400 audit(1382609088.755:673): apparmor="ALLOWED" operation="connect" info="Failed name lookup - disconnected path" error=-13 parent=24736 profile="/usr/lib/NetworkManager/nm-dhcp-client.action" name="run/dbus/system_bus_socket" pid=24737 comm="nm-dhcp-client." requested_mask="rw" denied_mask="rw" fsuid=0 ouid=0

  So this doesn't look like a problem with the policy but rather with
  some internal AppArmor name parsing?

  I found an old bug 955892 with the same error message, but that got
  fixed a while ago, and this does not involve ecryptfs or anythign
  similar. It's just a plain trusty VM with the NetworkManager
  autopkgtest.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1244157/+subscriptions