redonkable
/
alistair23-linux
1
0
Fork 0
Code Releases Activity

apparmor: exec should not be returning ENOENT when it denies 

The current behavior is confusing as it causes exec failures to report
the executable is missing instead of identifying that apparmor
caused the failure.

Signed-off-by: John Johansen <john.johansen@canonical.com>
Acked-by: Seth Arnold <seth.arnold@canonical.com>
hifive-unleashed-5.1
John Johansen 2014-07-25 04:02:03 -07:00
parent b6b1b81b3a
commit 9049a79221
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
security/apparmor/domain.c
View File

@ -433,7 +433,7 @@ int apparmor_bprm_set_creds(struct linux_binprm *bprm)
new_profile = aa_get_newest_profile(ns->unconfined);
info = "ux fallback";
} else {
error = -ENOENT;
error = -EACCES;
info = "profile not found";
/* remove MAY_EXEC to audit as failure */
perms.allow &= ~MAY_EXEC;