kernel-packages team mailing list archive
-
kernel-packages team
-
Mailing list archive
-
Message #23841
[Bug 1244157] Re: [3.11.0-12.18 regression] "Failed name lookup - disconnected path" in dhclient D-BUS access
So yes this is because of the unshare of the file system namespace.
Currently the only work around is the use of the attach_disconnected
flag. Alternate solutions are coming as part of the work to support lxc
Martin:
The only way to temporarily add the attach_disconnected flag is to manually replace the profile with a version that has the flag added. The manually loaded profile can be from anywhere
apparmor_parser -Kr <profile file>
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1244157
Title:
[3.11.0-12.18 regression] "Failed name lookup - disconnected path" in
dhclient D-BUS access
Status in “apparmor” package in Ubuntu:
New
Status in “linux” package in Ubuntu:
Confirmed
Status in “network-manager” package in Ubuntu:
New
Bug description:
On October 9 the NetworkManager tests started failing
(https://jenkins.qa.ubuntu.com/view/Saucy/view/AutoPkgTest/job/saucy-
adt-network-manager/?). Unfortunately the more recent saucy logs got
lost, but the trusty ones have the information, like in
https://jenkins.qa.ubuntu.com/view/Trusty/view/AutoPkgTest/job
/trusty-adt-network-manager/1/ARCH=i386,label=adt/
In these, dhclient that gets called through NetworkManager and
/usr/lib/NetworkManager/nm-dhcp-client.action cannot access the system
D-BUS any more:
----------- NM log ------------
NetworkManager[24451]: <info> Activation (eth42) Stage 3 of 5 (IP Configure Start) complete.
Internet Systems Consortium DHCP Client 4.2.4
Copyright 2004-2012 Internet Systems Consortium.
All rights reserved.
For info, please visit https://www.isc.org/software/dhcp/
Error: could not get the system bus. Make sure the message bus daemon is running! Message: (org.freedesktop.D
Bus.Error.AccessDenied) Failed to connect to socket /var/run/dbus/system_bus_socket: Permission denied
----------- NM log ------------
In syslog, you see this at that time:
------------ syslog ---------
Oct 21 14:11:24 autopkgtest kernel: [ 288.320754] type=1400 audit(1382364684.505:21): apparmor="DENIED" operation="connect" info="Failed name lookup - disconnected path" error=-13 parent=18759 profile="/usr/lib/NetworkManager/nm-dhcp-client.action" name="run/dbus/system_bus_socket" pid=18760 comm="nm-dhcp-client." requested_mask="rw" denied_mask="rw" fsuid=0 ouid=0
Oct 21 14:11:24 autopkgtest kernel: [ 288.333814] type=1400 audit(1382364684.517:22): apparmor="DENIED" operation="sendmsg" info="Failed name lookup - disconnected path" error=-13 parent=18752 profile="/sbin/dhclient" name="dev/log" pid=18759 comm="dhclient" requested_mask="w" denied_mask="w" fsuid=0 ouid=0
------------ syslog ---------
This gets fixed if I do "sudo /etc/init.d/apparmor teardown". But it
does not seem to be a problem with the policy itself; if I do "sudo
aa-complain dhclient" then dmesg changes to
[ 8054.314704] type=1400 audit(1382609088.727:672): apparmor="ALLOWED" operation="sendmsg" info="Failed name lookup - disconnected path" error=-13 parent=24451 profile="/sbin/dhclient" name="dev/log" pid=24736 comm="dhclient" requested_mask="w" denied_mask="w" fsuid=0 ouid=0
[ 8054.341409] type=1400 audit(1382609088.755:673): apparmor="ALLOWED" operation="connect" info="Failed name lookup - disconnected path" error=-13 parent=24736 profile="/usr/lib/NetworkManager/nm-dhcp-client.action" name="run/dbus/system_bus_socket" pid=24737 comm="nm-dhcp-client." requested_mask="rw" denied_mask="rw" fsuid=0 ouid=0
So this doesn't look like a problem with the policy but rather with
some internal AppArmor name parsing?
I found an old bug 955892 with the same error message, but that got
fixed a while ago, and this does not involve ecryptfs or anythign
similar. It's just a plain trusty VM with the NetworkManager
autopkgtest.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1244157/+subscriptions