Failed name lookup - disconnected path error for long path names
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
apparmor (Ubuntu) | Invalid | Undecided | John Johansen | |
Precise | Invalid | Undecided | John Johansen | |
Quantal | Invalid | Undecided | John Johansen | |
linux (Ubuntu) | Fix Released | Undecided | John Johansen | |
Precise | Fix Released | Undecided | John Johansen | |
Quantal | Fix Released | Undecided | John Johansen | |
Bug Description
== Precise SRU Justification ==
This bug causes access failures when apparmor is mediating files with long pathnames. This problem is easy to trip when a confined application tries to access data encrypted with ecryptfs, but can occur on any filesystem.
== Fix ==
Commit cffee16e8b997ab
== Impact ==
Users/applicati
== Test Case ==
Run the tests from the updated apparmor regression test suite in qrt,
or manually:
create a confined shell
mount ecryptfs, with file name obfuscation enabled
from an unconfined shell, create a 4-deep directory structure within the ecryptfs mount
create a file in the deepest directory
attempt to access the file from the confined shell
AppArmor denies access to files with a path length > 255 characters with the error message "Failed name lookup - disconnected path".
Example log entry:
Mar 15 11:43:45 felix-desktop kernel: [ 6051.608954] type=1400 audit(133180822
It seems to omit the mount point in the path name (/tmp/).
The path_max parameter is much larger:
% sudo cat /sys/module/
8192
% uname -a
Linux felix-desktop 3.2.0-18-generic #29-Ubuntu SMP Fri Mar 9 21:36:08 UTC 2012 x86_64 x86_64 x86_64 GNU/Linux
% dpkg -l | grep apparmor
ii apparmor 2.7.100-0ubuntu1 User-space parser utility for AppArmor
ii apparmor-notify 2.7.100-0ubuntu1 AppArmor notification system
ii apparmor-utils 2.7.100-0ubuntu1 Utilities for controlling AppArmor
ii dh-apparmor 2.7.100-0ubuntu1 AppArmor debhelper routines
ii libapparmor-perl 2.7.100-0ubuntu1 AppArmor library Perl bindings
ii libapparmor1 2.7.100-0ubuntu1 changehat AppArmor library
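For triaging the denials described in this report, the following added example (not part of the original bug report or of AppArmor itself) scans kernel log lines for the "Failed name lookup - disconnected path" message and reports whether the logged name lacks its leading mount point and exceeds 255 characters. The log lines are constructed samples, and the key=value field layout is an assumption about the AppArmor audit record format, since the report's own log line is truncated.

```python
import re

# Message text quoted in the bug report.
DISCONNECTED = "Failed name lookup - disconnected path"
NAME_LIMIT = 255  # path length above which the report saw denials

# key="value" / key=value pairs of an AppArmor audit record (assumed layout;
# the log line in the report itself is truncated).
FIELD = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S+)')


def parse_record(line):
    """Return the audit fields of one kernel log line as a dict."""
    return {key: value.strip('"') for key, value in FIELD.findall(line)}


def triage(lines):
    """Return one finding per 'disconnected path' denial in the log lines."""
    findings = []
    for line in lines:
        rec = parse_record(line)
        if rec.get("apparmor") != "DENIED" or rec.get("info") != DISCONNECTED:
            continue
        name = rec.get("name", "")
        findings.append({
            "profile": rec.get("profile"),
            "comm": rec.get("comm"),
            "name_len": len(name),
            # No leading "/" means the mount point prefix was dropped.
            "mount_point_missing": not name.startswith("/"),
            "over_limit": len(name) > NAME_LIMIT,
        })
    return findings


# Constructed sample input: a 4-deep relative name longer than 255 characters,
# a short disconnected name, and an ordinary denial that must be ignored.
LONG_NAME = "/".join(["d" * 70] * 4) + "/file.txt"
PREFIX = 'Jan  1 00:00:00 host kernel: [  100.000000] type=1400 audit(1000000000.000:%d): '
TAIL = ' pid=4242 comm="tar" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000'
SAMPLE_LOG = [
    PREFIX % 1 + 'apparmor="DENIED" operation="open" info="' + DISCONNECTED
    + '" profile="/usr/bin/example" name="' + LONG_NAME + '"' + TAIL,
    PREFIX % 2 + 'apparmor="DENIED" operation="open" info="' + DISCONNECTED
    + '" profile="/usr/bin/example" name="short/file.txt"' + TAIL,
    PREFIX % 3 + 'apparmor="DENIED" operation="open"'
    + ' profile="/usr/bin/example" name="/home/user/notes.txt"' + TAIL,
]
```

Findings with `over_limit` set match the long-pathname case from this report; disconnected-path denials on short names point to a different cause and need separate investigation.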
Changed in apparmor (Ubuntu):
assignee: nobody → John Johansen (jjohansen)
status: New → Confirmed
description: updated
Changed in linux (Ubuntu):
assignee: nobody → John Johansen (jjohansen)
Changed in apparmor (Ubuntu):
status: Confirmed → In Progress
Changed in linux (Ubuntu):
status: New → In Progress
Changed in linux (Ubuntu Precise):
status: New → In Progress
assignee: nobody → John Johansen (jjohansen)
Changed in apparmor (Ubuntu Precise):
assignee: nobody → John Johansen (jjohansen)
Changed in linux (Ubuntu Precise):
status: In Progress → Fix Committed
Changed in apparmor (Ubuntu Precise):
status: Confirmed → Invalid
Changed in apparmor (Ubuntu Quantal):
status: In Progress → Invalid
I can't reproduce this with anything other than tar.
tar prints these error messages: (note that I don't have any NFS file systems)
tar: virtualbox-4.1.10-dfsg/src/VBox/Devices/EFI/Firmware2/VBoxPkg/Library/VBoxOemHookStatusCodeLib/VBoxOemHookStatusCodeLib.c: Cannot open: Stale NFS file handle
However it works fine when I extract the archive with tar being unconfined.