kernel-packages team mailing list archive
Message #42542
[Bug 955892] Re: Failed name lookup - disconnected path error for long path names
Well, you can use Long Path Tool for such issues, it works well.
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/955892
Title:
  Failed name lookup - disconnected path error for long path names
Status in “apparmor” package in Ubuntu:
  Invalid
Status in “linux” package in Ubuntu:
  Fix Released
Status in “apparmor” source package in Precise:
  Invalid
Status in “linux” source package in Precise:
  Fix Released
Status in “apparmor” source package in Quantal:
  Invalid
Status in “linux” source package in Quantal:
  Fix Released
Bug description:
== Precise SRU Justification ==
This bug causes access failures when apparmor is mediating files with
long pathnames. This problem is easy to trip when a confined
application tries to access data encrypted with ecryptfs, but can
occur on any filesystem.
== Fix ==
Commit cffee16e8b997ab947de661e8820e486b0830c94 from security/next
queue for 3.5 kernel fixes the issue.
== Impact ==
Users/applications/daemons cannot access the affected files while
confined, which can result in application failures, users unable to
access data, and confusion as the error message reported by the shell
is "Cannot open: Stale NFS file handle", whether or not NFS is in use.
== Test Case ==
Run the tests from the updated apparmor regression test suite in
qrt,
or manually:
  create a confined shell
  mount ecryptfs, with file name obfuscation enabled
  from an unconfined shell, create a 4 deep directory structure within the ecryptfs mount
  create a file in the deepest directory
  attempt to access the file from the confined shell
AppArmor denies access to files with a path length > 255 characters
with the error message "Failed name lookup - disconnected path".
Example log entry:
Mar 15 11:43:45 felix-desktop kernel: [ 6051.608954] type=1400 audit(1331808225.843:4896): apparmor="DENIED" operation="mknod" info="Failed name lookup - disconnected path" error=-116 parent=24422 profile="/usr/bin/lintian" name="temp-lintian-lab-xpvh_Pjhrm/pool/v/virtualbox/virtualbox_4.1.10-dfsg-1_source/virtualbox_4.1.10-dfsg.orig.tar.bz2.tmp-extract.5399h/virtualbox-4.1.10-dfsg/src/VBox/Devices/EFI/Firmware2/VBoxPkg/Library/VBoxOemHookStatusCodeLib/VBoxOemHookStatusCodeLib.c" pid=24433 comm="tar" requested_mask="c" denied_mask="c" fsuid=1000 ouid=1000
It seems to omit the mount point in the path name (/tmp/).
The path_max parameter is much larger:
  % sudo cat /sys/module/apparmor/parameters/path_max
  8192
  % uname -a
  Linux felix-desktop 3.2.0-18-generic #29-Ubuntu SMP Fri Mar 9 21:36:08 UTC 2012 x86_64 x86_64 x86_64 GNU/Linux
  % dpkg -l | grep apparmor
  ii  apparmor          2.7.100-0ubuntu1  User-space parser utility for AppArmor
  ii  apparmor-notify   2.7.100-0ubuntu1  AppArmor notification system
  ii  apparmor-utils    2.7.100-0ubuntu1  Utilities for controlling AppArmor
  ii  dh-apparmor       2.7.100-0ubuntu1  AppArmor debhelper routines
  ii  libapparmor-perl  2.7.100-0ubuntu1  AppArmor library Perl bindings
  ii  libapparmor1      2.7.100-0ubuntu1  changehat AppArmor library
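A triage sketch for the denial signature in the log entry quoted in the bug description, added here as an example and not part of the original report or of AppArmor's own tooling: it parses kernel audit lines, keeps the denials whose info field is "Failed name lookup - disconnected path", and reports the name length and whether the logged name is relative (mount point missing). The function names, the host name and the sample lines are constructed for illustration; the 255 threshold is the figure given in the report.

```python
import re

# key=value pairs of a kernel audit record; values may be double-quoted.
FIELD_RE = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S+)')
DISCONNECTED = "Failed name lookup - disconnected path"

def parse_audit(line):
    """Return the key=value fields of an AppArmor audit line, or None."""
    if "apparmor=" not in line:
        return None
    return {k: v[1:-1] if v.startswith('"') else v
            for k, v in FIELD_RE.findall(line)}

def triage(lines, limit=255):
    """Collect denials carrying the 'disconnected path' signature."""
    findings = []
    for line in lines:
        f = parse_audit(line)
        if not f or f.get("apparmor") != "DENIED" or f.get("info") != DISCONNECTED:
            continue
        name = f.get("name", "")
        findings.append({
            "profile": f.get("profile"),
            "comm": f.get("comm"),
            "operation": f.get("operation"),
            "error": int(f.get("error", "0")),
            "name_len": len(name),
            "over_limit": len(name) > limit,          # 255 is the figure in the report
            "relative_name": not name.startswith("/"),  # mount point missing from name
        })
    return findings

# Constructed sample input (hypothetical host and paths), shaped like the quoted entry.
LONG_NAME = "lab/" + "/".join(["d" * 60] * 5) + "/file.c"
SAMPLE = [
    'Mar 15 11:43:45 host kernel: [ 6051.608954] type=1400 audit(1331808225.843:4896): '
    'apparmor="DENIED" operation="mknod" info="' + DISCONNECTED + '" error=-116 '
    'parent=24422 profile="/usr/bin/lintian" name="' + LONG_NAME + '" pid=24433 '
    'comm="tar" requested_mask="c" denied_mask="c" fsuid=1000 ouid=1000',
    # An ordinary policy denial: no info= field, so it is not this bug's signature.
    'Mar 15 11:44:02 host kernel: [ 6068.100000] type=1400 audit(1331808242.000:4897): '
    'apparmor="DENIED" operation="open" profile="/usr/bin/lintian" name="/etc/shadow" '
    'pid=24440 comm="cat" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0',
    'Mar 15 11:44:03 host kernel: [ 6069.000000] usb 1-1: new high-speed USB device',
]

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```

Separating this signature from ordinary policy denials keeps profile authors from adding rules for a denial that the kernel fix, not a profile change, resolves.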