← Back to team overview

kernel-packages team mailing list archive

[Bug 955892] Re: Failed name lookup - disconnected path error for long path names

 

Well, you can use Long Path Tool for such issues, it works good.

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/955892

Title:
  Failed name lookup - disconnected path error for long path names

Status in “apparmor” package in Ubuntu:
  Invalid
Status in “linux” package in Ubuntu:
  Fix Released
Status in “apparmor” source package in Precise:
  Invalid
Status in “linux” source package in Precise:
  Fix Released
Status in “apparmor” source package in Quantal:
  Invalid
Status in “linux” source package in Quantal:
  Fix Released

Bug description:
  == Precise SRU Justification ==

  This bug causes access failures when apparmor is mediating files with
  long pathnames. This problem is easy to trip when a confined
  application tries to access data encrypted with ecryptfs, but can
  occur on any filesystem.

  == Fix ==

  Commit cffee16e8b997ab947de661e8820e486b0830c94 from security/next
  queue for 3.5 kernel fixes the issue

  == Impact ==

  Users/application/daemons can not access the affected files while
  confined, which can result in application failures, users unable to
  access data, and confusion as the error message reported by the shell
  is "Cannot open: Stale NFS file handle", whether or not NFS is in use.

  == Test Case ==

     Run tests in from the updated apparmor regression test suite in
  qrt.

  or manually
    create a confined shell
    mount encryptfs, with file name obfuscation enabled
    from an unconfined shell created a 4 deep directory structure within the ecryptfs mount
    create a file in the deepest directory
    attempt to access the file from the confined shell


  AppArmor denies access to files with a path length > 255 characters
  with the error message "Failed name lookup - disconnected path".

  Example log entry:
  Mar 15 11:43:45 felix-desktop kernel: [ 6051.608954] type=1400 audit(1331808225.843:4896): apparmor="DENIED" operation="mknod" info="Failed name lookup - disconnected path" error=-116 parent=24422 profile="/usr/bin/lintian" name="temp-lintian-lab-xpvh_Pjhrm/pool/v/virtualbox/virtualbox_4.1.10-dfsg-1_source/virtualbox_4.1.10-dfsg.orig.tar.bz2.tmp-extract.5399h/virtualbox-4.1.10-dfsg/src/VBox/Devices/EFI/Firmware2/VBoxPkg/Library/VBoxOemHookStatusCodeLib/VBoxOemHookStatusCodeLib.c" pid=24433 comm="tar" requested_mask="c" denied_mask="c" fsuid=1000 ouid=1000

  It seems to omit the mount point in the path name (/tmp/).

  The path_max parameter is much larger:

  % sudo cat /sys/module/apparmor/parameters/path_max
  8192

  % uname -a
  Linux felix-desktop 3.2.0-18-generic #29-Ubuntu SMP Fri Mar 9 21:36:08 UTC 2012 x86_64 x86_64 x86_64 GNU/Linux

  % dpkg -l | grep apparmor
  ii  apparmor                               2.7.100-0ubuntu1                         User-space parser utility for AppArmor
  ii  apparmor-notify                        2.7.100-0ubuntu1                         AppArmor notification system
  ii  apparmor-utils                         2.7.100-0ubuntu1                         Utilities for controlling AppArmor
  ii  dh-apparmor                            2.7.100-0ubuntu1                         AppArmor debhelper routines
  ii  libapparmor-perl                       2.7.100-0ubuntu1                         AppArmor library Perl bindings
  ii  libapparmor1                           2.7.100-0ubuntu1                         changehat AppArmor library

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/955892/+subscriptions