Bug 228398 - LSPP: Not able to ssh into the machine with multiple categories
LSPP: Not able to ssh into the machine with multiple categories
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: mcstrans (Show other bugs)
5.0
s390x Linux
medium Severity medium
: ---
: ---
Assigned To: Daniel Walsh
: OtherQA
Depends On:
Blocks: RHEL5LSPPCertTracker
  Show dependency treegraph
 
Reported: 2007-02-12 17:17 EST by Kylene J Hall
Modified: 2009-06-19 11:03 EDT (History)
5 users (show)

See Also:
Fixed In Version: RHSA-2007-0542
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2007-11-07 10:34:37 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
unittest for mcstrans (1.58 KB, text/x-python)
2007-02-13 15:24 EST, Daniel Walsh
no flags Details

  None (edit)
Description Kylene J Hall 2007-02-12 17:17:34 EST
Description of problem:

SSH level selection is behaving very oddly on s390x.  When categories are given
with commas only the first is obtained (maybe a separate issue that is also seen
on other platforms).  When categories are given as a range (indicated by a .)
the range is obtained when the range spans at least one unnamed category,
however, only the first is obtained if the range only spans adjacent categories.
 For example, c0.c2 works but c0.c1 does not.


Version-Release number of selected component (if applicable):
I am not exactly sure where this problem is but here are some possible relevant
package versions:

kernel-2.6.18-6.el5.lspp.64
audit-1.3.1-1.el5
libselinux-1.33.4-3.el5
libselinux-1.33.4-3.el5
mcstrans-0.2.1-1.el5
openssh-4.3p2-16.el5

How reproducible:
Always on s390x

Steps to Reproduce:
Samples of the above examples.
1) With commas doesn't work
[root@rheal3a framework]# ssh testuser/user_r/s0:c0,c1@localhost
Password:
Password:
Last login: Mon Feb 12 15:24:44 2007 from rheal3a.endicott.ibm.com
-bash-3.1$ id
uid=501(testuser) gid=501(testuser) groups=501(testuser)
context=testuser_u:user_r:user_t:s0:c0
-bash-3.1$ exit
logout
Connection to localhost closed.

2) Minimal range with . doesn't work - Note on other platforms (such as ppc64)
this is expanded to c0,c1 and therefore could be related to above.
[root@rheal3a framework]# ssh testuser/user_r/s0:c0.c1@localhost
Password:
Last login: Mon Feb 12 15:58:33 2007 from rheal3a.endicott.ibm.com
-bash-3.1$ level
-bash: level: command not found
-bash-3.1$ id
uid=501(testuser) gid=501(testuser) groups=501(testuser)
context=testuser_u:user_r:user_t:s0:c0
-bash-3.1$ exit
logout
Connection to localhost closed.

3) Wider range works as expected.
[root@rheal3a framework]# ssh testuser/user_r/s0:c0.c2@localhost
Password:
Last login: Mon Feb 12 15:58:50 2007 from rheal3a.endicott.ibm.com
-bash-3.1$ id
uid=501(testuser) gid=501(testuser) groups=501(testuser)
context=testuser_u:user_r:user_t:s0:c0.c2
-bash-3.1$ exit
logout
Connection to localhost closed.
Comment 1 Kylene J Hall 2007-02-13 13:47:04 EST
I updated my system using the new kickstart/certification RPM and making sure I
got the latest of all relevant packages from the repo and everything works. 
Something must have happened when I updated libselinux yesterday.  Sorry for the
confusion.
Comment 2 Daniel Walsh 2007-02-13 15:24:30 EST
Created attachment 148016 [details]
unittest for mcstrans

Update mcstrans-0.2.3-1 on people.  

You need to update to the package and then you can use the test suite.	If you
find a translation that fails, please add to the testsuite.
Comment 3 Kylene J Hall 2007-02-13 16:20:57 EST
I don't know if this belongs here or not.  Let me know what you want me to do. 
I have found there is a limit to the number of categories that you ssh in with.
 i.e. the first example works, the second example with one more category does
not. (I have update to the latest level of mctrans)

[root/abat_r/SystemLow@KWUSER1 framework]# ssh
testuser/user_r/s5:c1,c3,c5,c7,c9,c11,c13,c15,c17,c19,c21,c23,c25,c27,c29,c31,c33,c35,c37,c39,c41,c43,c45,c47,c49,c51,c53,c55,c57,c59,c61,c63,c65,c67,c69,c71,c73,c75,c77,c79,c81,c83,c85,c87,c89,c91,c93,c95,c97,c99,c101,c103,c105@localhost
Could not create directory '/root/.ssh'.
The authenticity of host 'localhost (127.0.0.1)' can't be established.
RSA key fingerprint is 49:f5:9f:53:f1:aa:76:cf:59:dd:7a:6f:eb:b2:b9:e9.
Are you sure you want to continue connecting (yes/no)? yes
Failed to add the host to the list of known hosts (/root/.ssh/known_hosts).
Password:
Last login: Tue Feb 13 15:17:46 2007 from kwuser1.endicott.ibm.com
[testuser/user_r/s5:c1,c3,c5,c7,c9,c11,c13,c15,c17,c19,c21,c23,c25,c27,c29,c31,c33,c35,c37,c39,c41,c43,c45,c47,c49,c51,c53,c55,c57,c59,c61,c63,c65,c67,c69,c71,c73,c75,c77,c79,c81,c83,c85,c87,c89,c91,c93,c95,c97,c99,c101,c103,c105@KWUSER1
~]$ exit
logout
Connection to localhost closed.
[root/abat_r/SystemLow@KWUSER1 framework]# ssh
testuser/user_r/s5:c1,c3,c5,c7,c9,c11,c13,c15,c17,c19,c21,c23,c25,c27,c29,c31,c33,c35,c37,c39,c41,c43,c45,c47,c49,c51,c53,c55,c57,c59,c61,c63,c65,c67,c69,c71,c73,c75,c77,c79,c81,c83,c85,c87,c89,c91,c93,c95,c97,c99,c101,c103,c105,c107@localhost
Could not create directory '/root/.ssh'.
The authenticity of host 'localhost (127.0.0.1)' can't be established.
RSA key fingerprint is 49:f5:9f:53:f1:aa:76:cf:59:dd:7a:6f:eb:b2:b9:e9.
Are you sure you want to continue connecting (yes/no)? yes
Failed to add the host to the list of known hosts (/root/.ssh/known_hosts).
Password:
Last login: Tue Feb 13 15:18:02 2007 from kwuser1.endicott.ibm.com
Connection to localhost closed.
[root/abat_r/SystemLow@KWUSER1 framework]#
Comment 4 Linda Knippers 2007-02-13 16:23:59 EST
I've seen the error before:
Could not create directory '/root/.ssh'.

I think its because /root and its contents don't have the right context.
If you do a 'restorecon -v -R /root' you might have better luck.
Comment 5 Linda Knippers 2007-02-13 16:25:59 EST
Actually, that doesn't explain the difference in behavior that you see but
I think it explains some of the error messages.
Comment 6 Kylene J Hall 2007-02-13 16:38:23 EST
The issue isn't about the /root/.ssh.  I am not able to login with many
categories.  Notice that the example where the category list goes up to 105
succeeds but the list that goes up to 107 fails.
Comment 7 Daniel Walsh 2007-02-13 17:20:20 EST
This seems wierd.  Are you sure you sshd is running with the correct context. 
Why would a testuser be trying to update /root/.ssh?

I have successfully logged in with

 ssh
root/sysadm_r/s5:c1,c3,c5,c7,c9,c11,c13,c15,c17,c19,c21,c23,c25,c27,c29,c31,c33,c35,c37,c39,c41,c43,c45,c47,c49,c51,c53,c55,c57,c59,c61,c63,c65,c67,c69,c71,c73,c75,c77,c79,c81,c83,c85,c87,c89,c91,c93,c95,c97,c99,c101,c103,c105,c107,c108,c109,c110,c111,c211,c213,c215,c217,c219,c221,c223,c225,c227,c229,c231,c233,c235,c237,c239,c241,c243,c245,c247,c249,c251,c253,c255,c257,c259,c261,c263,c265,c267,c269,c271,c273,c275,c277,c279,c281,c283,c285,c287,c289,c291,c293,c295,c297,c299,c301,c303,c305,c307,c308,c309,c310,c311,c411,c413@xxy
root/sysadm_r/s5:c1,c3,c5,c7,c@xxy's password: 
Last login: Tue Feb 13 17:04:36 2007 from dhcp-10-12-33-199.boston.devel.redhat.com
[root@xxy ~]# id
uid=0(root) gid=0(root)
groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel)
context=root:sysadm_r:sysadm_t:s5:c1,c3,c5,c7,c9,c11,c13,c15,c17,c19,c21,c23,c25,c27,c29,c31,c33,c35,c37,c39,c41,c43,c45,c47,c49,c51,c53,c55,c57,c59,c61,c63,c65,c67,c69,c71,c73,c75,c77,c79,c81,c83,c85,c87,c89,c91,c93,c95,c97,c99,c101,c103,c105,c107.c111,c211,c213,c215,c217,c219,c221,c223,c225,c227,c229,c231,c233,c235,c237,c239,c241,c243,c245,c247,c249,c251,c253,c255,c257,c259,c261,c263,c265,c267,c269,c271,c273,c275,c277,c279,c281,c283,c285,c287,c289,c291,c293,c295,c297,c299,c301,c303,c305,c307.c311,c411,c413

But it soon breaks after that.  Of course this is an evil test.  :^)
Comment 8 Kylene J Hall 2007-02-13 17:46:37 EST
Sorry to cause the confusion with the /root/.ssh it was just a label problem. 
For our tests we ssh in as a user and the /bin/su - to root and run our
frameworks from there.  I have retested on another machine just to make sure I
am not crazy.  This is on an s390x installed today with the latest RC, kickstart
and lspp rpm along with updating all the packages on dwalsh people page repo and
the kernel to lspp.64.  Here are the results I get (I can't test as root do to
the lspp config):

[root/abat_r/SystemLow@KWUSER3 framework]# ssh
testuser/user_r/s5:c1,c3,c5,c7,c9,c11,c13,c15,c17,c19,c21,c23,c25,c27,c29,c31,c33,c35,c37,c39,c41,c43,c45,c47,c49,c51,c53,c55,c57,c59,c61,c63,c65,c67,c69,c71,c73,c75,c77,c79,c81,c83,c85,c87,c89,c91,c93,c95,c97,c99,c101,c103,c105,c107,c108,c109,c110,c111,c211,c213,c215,c217,c219,c221,c223,c225,c227,c229,c231,c233,c235,c237,c239,c241,c243,c245,c247,c249,c251,c253,c255,c257,c259,c261,c263,c265,c267,c269,c271,c273,c275,c277,c279,c281,c283,c285,c287,c289,c291,c293,c295,c297,c299,c301,c303,c305,c307,c308,c309,c310,c311,c411,c413@localhost
Password:
Last login: Tue Feb 13 16:25:39 2007 from kwuser2.endicott.ibm.com
Connection to localhost closed.
[root/abat_r/SystemLow@KWUSER3 framework]# ssh
testuser/user_r/s5:c1,c3,c5,c7,c9,c11,c13,c15,c17,c19,c21,c23,c25,c27,c29,c31,c33,c35,c37,c39,c41,c43,c45,c47,c49,c51,c53,c55,c57,c59,c61,c63,c65,c67,c69,c71,c73,c75,c77,c79,c81,c83,c85,c87,c89,c91,c93,c95,c97,c99,c101,c103,c105,c107@localhost
Password: Last login: Tue Feb 13 16:40:41 2007 from kwuser2.endicott.ibm.com
Connection to localhost closed.
[root/abat_r/SystemLow@KWUSER3 framework]# ssh
testuser/user_r/s5:c1,c3,c5,c7,c9,c11,c13,c15,c17,c19,c21,c23,c25,c27,c29,c31,c33,c35,c37,c39,c41,c43,c45,c47,c49,c51,c53,c55,c57,c59,c61,c63,c65,c67,c69,c71,c73,c75,c77,c79,c81,c83,c85,c87,c89,c91,c93,c95,c97,c99,c101,c103,c105@localhost
Password:
Last login: Tue Feb 13 16:41:09 2007 from kwuser2.endicott.ibm.com
[testuser/user_r/s5:c1,c3,c5,c7,c9,c11,c13,c15,c17,c19,c21,c23,c25,c27,c29,c31,c33,c35,c37,c39,c41,c43,c45,c47,c49,c51,c53,c55,c57,c59,c61,c63,c65,c67,c69,c71,c73,c75,c77,c79,c81,c83,c85,c87,c89,c91,c93,c95,c97,c99,c101,c103,c105@KWUSER3
~]$ exit
logout
Connection to localhost closed.
[root/abat_r/SystemLow@KWUSER3 framework]# ssh
ealuser/staff_r/s5:c1,c3,c5,c7,c9,c11,c13,c15,c17,c19,c21,c23,c25,c27,c29,c31,c33,c35,c37,c39,c41,c43,c45,c47,c49,c51,c53,c55,c57,c59,c61,c63,c65,c67,c69,c71,c73,c75,c77,c79,c81,c83,c85,c87,c89,c91,c93,c95,c97,c99,c101,c103,c105@localhost
Password:
Last login: Tue Feb 13 16:28:02 2007 from sig-9-76-206-16.mts.ibm.com
[ealuser/staff_r/s5:c1,c3,c5,c7,c9,c11,c13,c15,c17,c19,c21,c23,c25,c27,c29,c31,c33,c35,c37,c39,c41,c43,c45,c47,c49,c51,c53,c55,c57,c59,c61,c63,c65,c67,c69,c71,c73,c75,c77,c79,c81,c83,c85,c87,c89,c91,c93,c95,c97,c99,c101,c103,c105@KWUSER3
~]$ exit
logout
Connection to localhost closed.
[root/abat_r/SystemLow@KWUSER3 framework]# ssh
ealuser/staff_r/s5:c1,c3,c5,c7,c9,c11,c13,c15,c17,c19,c21,c23,c25,c27,c29,c31,c33,c35,c37,c39,c41,c43,c45,c47,c49,c51,c53,c55,c57,c59,c61,c63,c65,c67,c69,c71,c73,c75,c77,c79,c81,c83,c85,c87,c89,c91,c93,c95,c97,c99,c101,c103,c105,c107@localhost
Password:
Last login: Tue Feb 13 16:41:45 2007 from kwuser2.endicott.ibm.com
Connection to localhost closed.
[root/abat_r/SystemLow@KWUSER3 framework]#

You call the test case evil but the original testcase was trying to specify all
the odd categories up to 1023.  This was simply pairing down to where the
failure point is.

Comment 9 Daniel Walsh 2007-02-14 09:36:44 EST
The question is whether the test case is realistic.  IE We can go in and try to
figure  out what the problem is.  or is the size of this enough to get 

I have run some tests on mcstrans and libselinux and it seems to handle much
larger data than this, so I think this might be a openssh problem.
Comment 10 Daniel Walsh 2007-02-14 09:38:10 EST
Basically running a test with 1024 categories works with the latest mcstrans.
Comment 11 Kylene J Hall 2007-02-14 14:21:15 EST
I tried the ssh on another platform (ppc64) to get another data point.  I had
the same results as the s390x.

[ealuser/staff_r/SystemLow@hvracer3 ~]$ ssh
ealuser/staff_r/s5:c1,c3,c5,c7,c9,c11,c13,c15,c17,c19,c21,c23,c25,c27,c29,c31,c33,c35,c37,c39,c41,c43,c45,c47,c49,c51,c53,c55,c57,c59,c61,c63,c65,c67,c69,c71,c73,c75,c77,c79,c81,c83,c85,c87,c89,c91,c93,c95,c97,c99,c101,c103,c105@localhost
The authenticity of host 'localhost (127.0.0.1)' can't be established.
RSA key fingerprint is 2f:7d:54:30:69:db:d1:5b:8f:68:a4:56:05:73:dd:c0.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'localhost' (RSA) to the list of known hosts.
Password:
Last login: Wed Feb 14 13:14:52 2007 from sig-9-65-34-127.mts.ibm.com
[ealuser/staff_r/s5:c1,c3,c5,c7,c9,c11,c13,c15,c17,c19,c21,c23,c25,c27,c29,c31,c33,c35,c37,c39,c41,c43,c45,c47,c49,c51,c53,c55,c57,c59,c61,c63,c65,c67,c69,c71,c73,c75,c77,c79,c81,c83,c85,c87,c89,c91,c93,c95,c97,c99,c101,c103,c105@hvracer3
~]$ exit
logout
Connection to localhost closed.
[ealuser/staff_r/SystemLow@hvracer3 ~]$ ssh
ealuser/staff_r/s5:c1,c3,c5,c7,c9,c11,c13,c15,c17,c19,c21,c23,c25,c27,c29,c31,c33,c35,c37,c39,c41,c43,c45,c47,c49,c51,c53,c55,c57,c59,c61,c63,c65,c67,c69,c71,c73,c75,c77,c79,c81,c83,c85,c87,c89,c91,c93,c95,c97,c99,c101,c103,c105,c107@localhost
Password:
Last login: Wed Feb 14 13:17:02 2007 from localhost.localdomain
Connection to localhost closed.
Comment 12 Klaus Heinrich Kiwi 2007-02-15 13:18:38 EST
the problem is the filesystem's filename size limit (polyinstantiation attacks
again). With the above testcase, check /var/log/secure:

Feb 15 09:12:30 zaphod sshd[2160]: pam_namespace(sshd:session): Error creating
/home/home.inst/staff_u:object_r:staff_home_dir_t:s5:c1,c3,c5,c7,c9,c11,c13,c15,c17,c19,c21,c23,c25,c27,c29,c31,c33,c35,c37,c39,c41,c43,c45,c47,c49,c51,c53,c55,c57,c59,c61,c63,c65,c67,c69,c71,c73,c75,c77,c79,c81,c83,c85,c87,c89,c91,c93,c95,c97,c99,c101,c103,c105,c109,c111_ealuser,
File name too long

If I use a user which is not polyinst (add it to /etc/security/namespace.conf),
I can successfully log-in with:

[root@zaphod framework]# ssh
abat//s5:c1,c3,c5,c7,c9,c11,c13,c15,c17,c19,c21,c23,c25,c27,c29,c31,c33,c35,c37,c39,c41,c43,c45,c47,c49,c51,c53,c55,c57,c59,c61,c63,c65,c67,c69,c71,c73,c75,c77,c79,c81,c83,c85,c87,c89,c91,c93,c95,c97,c99,c101,c103,c105,c107,c109,c111,c113,c115,c117,c119,c121,c123,c125,c127,c129,c131,c133,c135,c137,c139,c141,c143,c145,c147,c149,c151,c153,c155,c157,c159,c161,c163,c165,c167,c169,c171,c173,c175,c177,c179,c181,c183,c185,c187,c189,c191,c193,c195,c197,c199,c201,c203,c205,c207,c209,c211,c213,c215,c217,c219,c221,c223,c225,c227,c229,c231,c233,c235,c237,c239,c241,c243,c245,c247,c249,c251,c253,c255,c257,c259,c261,c263,c265,c267,c269,c271,c273,c275,c277,c279,c281,c283,c285,c287,c289,c291,c293,c295,c297,c299,c301,c303,c305,c307,c309,c311,c313,c315,c317,c319,c321,c323,c325,c327,c329,c331,c333,c335,c337,c339,c341,c343,c345,c347,c349,c351,c353,c355,c357,c359,c361,c363,c365,c367,c369,c371,c373,c375,c377,c379,c381,c383,c385,c387,c389,c391,c393,c395,c397,c399,c401,c403,c405,c407,c409,c411,c413,c415,c417,c419,c421,c423,c425,c427,c429,c431,c433,c435,c437,c439,c441,c443,c445,c447,c449,c451,c453,c455,c457,c459,c461,c463,c465,c467,c469,c471,c473,c475,c477,c479,c481,c483,c485,c487,c489,c491,c493,c495,c497,c499,c501,c503,c505,c507,c509,c511,c513,c515,c517,c519,c521,c523,c525,c527,c529,c531,c533,c535,c537,c539,c541,c543,c545,c547,c549,c551,c553,c555,c557,c559,c561,c563,c565,c567,c569,c571,c573,c575,c577,c579,c581,c583,c585,c587,c589,c591,c593,c595,c597,c599,c601,c603,c605,c607,c609,c611,c613,c615,c617,c619,c621,c623,c625,c627,c629,c631,c633,c635,c637,c639,c641,c643,c645,c647,c649,c651,c653,c655,c657,c659,c661,c663,c665,c667,c669,c671,c673,c675,c677,c679,c681,c683,c685,c687,c689,c691,c693,c695,c697,c699,c701,c703,c705,c707,c709,c711,c713,c715,c717,c719,c721,c723,c725,c727,c729,c731,c733,c735,c737,c739,c741,c743,c745,c747,c749,c751,c753,c755,c757,c759,c761,c763,c765,c767,c769,c771,c773,c775,c777,c779,c781,c783,c785,c787,c789,c791,c793,c795,c797,c799,c801,c803,c805,c807,c809,c811,c813,c815,c817,c819,c821,c823,c825,c827,c829,c831,c833,c835,c837,c839,c841,c843,c845,c847,c849,c851,c853,c855,c857,c859,c861,c863,c865,c867,c869,c871,c873,c875,c877,c879,c881,c883,c885,c887,c889,c891,c893,c895,c897,c899,c901,c903,c905,c907,c909,c911,c913,c915,c917,c919,c921,c923,c925,c927,c929,c931,c933,c935,c937,c939,c941,c943,c945,c947,c949,c951,c953,c955,c957,c959,c961,c963,c965,c967,c969,c971,c973,c975,c977,c979,c981,c983,c985,c987,c989,c991,c993,c995,c997,c999,c1001,c1003,c1005,c1007,c1009,c1011,c1013,c1015,c1017,c1019,c1021,c1023@localhost
Password:
Last login: Thu Feb 15 10:04:22 2007 from localhost.localdomain
[abat@zaphod ~]$ id
uid=502(abat) gid=502(abat) groups=10(wheel),502(abat)
context=abat_u:abat_r:abat_t:s5:c1,c3,c5,c7,c9,c11,c13,c15,c17,c19,c21,c23,c25,c27,c29,c31,c33,c35,c37,c39,c41,c43,c45,c47,c49,c51,c53,c55,c57,c59,c61,c63,c65,c67,c69,c71,c73,c75,c77,c79,c81,c83,c85,c87,c89,c91,c93,c95,c97,c99,c101,c103,c105,c107,c109,c111,c113,c115,c117,c119,c121,c123,c125,c127,c129,c131,c133,c135,c137,c139,c141,c143,c145,c147,c149,c151,c153,c155,c157,c159,c161,c163,c165,c167,c169,c171,c173,c175,c177,c179,c181,c183,c185,c187,c189,c191,c193,c195,c197,c199,c201,c203,c205,c207,c209,c211,c213,c215,c217,c219,c221,c223,c225,c227,c229,c231,c233,c235,c237,c239,c241,c243,c245,c247,c249,c251,c253,c255,c257,c259,c261,c263,c265,c267,c269,c271,c273,c275,c277,c279,c281,c283,c285,c287,c289,c291,c293,c295,c297,c299,c301,c303,c305,c307,c309,c311,c313,c315,c317,c319,c321,c323,c325,c327,c329,c331,c333,c335,c337,c339,c341,c343,c345,c347,c349,c351,c353,c355,c357,c359,c361,c363,c365,c367,c369,c371,c373,c375,c377,c379,c381,c383,c385,c387,c389,c391,c393,c395,c397,c399,c401,c403,c405,c407,c409,c411,c413,c415,c417,c419,c421,c423,c425,c427,c429,c431,c433,c435,c437,c439,c441,c443,c445,c447,c449,c451,c453,c455,c457,c459,c461,c463,c465,c467,c469,c471,c473,c475,c477,c479,c481,c483,c485,c487,c489,c491,c493,c495,c497,c499,c501,c503,c505,c507,c509,c511,c513,c515,c517,c519,c521,c523,c525,c527,c529,c531,c533,c535,c537,c539,c541,c543,c545,c547,c549,c551,c553,c555,c557,c559,c561,c563,c565,c567,c569,c571,c573,c575,c577,c579,c581,c583,c585,c587,c589,c591,c593,c595,c597,c599,c601,c603,c605,c607,c609,c611,c613,c615,c617,c619,c621,c623,c625,c627,c629,c631,c633,c635,c637,c639,c641,c643,c645,c647,c649,c651,c653,c655,c657,c659,c661,c663,c665,c667,c669,c671,c673,c675,c677,c679,c681,c683,c685,c687,c689,c691,c693,c695,c697,c699,c701,c703,c705,c707,c709,c711,c713,c715,c717,c719,c721,c723,c725,c727,c729,c731,c733,c735,c737,c739,c741,c743,c745,c747,c749,c751,c753,c755,c757,c759,c761,c763,c765,c767,c769,c771,c773,c775,c777,c779,c781,c783,c785,c787,c789,c791,c793,c795,c797,c799,c801,c803,c805,c807,c809,c811,c813,c815,c817,c819,c821,c823,c825,c827,c829,c831,c833,c835,c837,c839,c841,c843,c845,c847,c849,c851,c853,c855,c857,c859,c861,c863,c865,c867,c869,c871,c873,c875,c877,c879,c881,c883,c885,c887,c889,c891,c893,c895,c897,c899,c901,c903,c905,c907,c909,c911,c913,c915,c917,c919,c921,c923,c925,c927,c929,c931,c933,c935,c937,c939,c941,c943,c945,c947,c949,c951,c953,c955,c957,c959,c961,c963,c965,c967,c969,c971,c973,c975,c977,c979,c981,c983,c985,c987,c989,c991,c993,c995,c997,c999,c1001,c1003,c1005,c1007,c1009,c1011,c1013,c1015,c1017,c1019,c1021,c1023
[abat@zaphod ~]$ 
Comment 13 Steve Grubb 2007-02-15 13:47:19 EST
What needs to happen is that both pam and sshd need to check if the basename of
the file/dir is < NAME_MAX from limits.h and that the whole path is < PATH_MAX.
It  could possibly change to a hashed name if this limit is violated. I think
the original namespace patch used hashes but this was dropped for readibility.
So, maybe we should have readability until we hit the NAME_MAX limit and then
switch to cryptic dir names.
Comment 14 Tomas Mraz 2007-02-26 13:58:32 EST
The original problem was in mcstrans and should be resolved with the current
LSPP packages.
Comment 15 Tomas Mraz 2007-02-26 14:02:39 EST
I have created bug 230120 for the 'large number of categories problem'.
Comment 22 errata-xmlrpc 2007-11-07 10:34:37 EST
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHSA-2007-0542.html

Note You need to log in before you can comment on or make changes to this bug.