[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-Id: <2ee5e7afe18baa68bc8042f2ec84265d54ecbdbb.1485514374.git.jslaby@suse.cz>
Date: Fri, 27 Jan 2017 11:55:38 +0100
From: Jiri Slaby <jslaby@...e.cz>
To: stable@...r.kernel.org
Cc: linux-kernel@...r.kernel.org,
John Johansen <john.johansen@...onical.com>,
Jiri Slaby <jslaby@...e.cz>
Subject: [PATCH 3.12 205/235] apparmor: exec should not be returning ENOENT when it denies
From: John Johansen <john.johansen@...onical.com>
3.12-stable review patch. If anyone has any objections, please let me know.
===============
commit 9049a7922124d843a2cd26a02b1d00a17596ec0c upstream.
The current behavior is confusing as it causes exec failures to report
the executable is missing instead of identifying that apparmor
caused the failure.
Signed-off-by: John Johansen <john.johansen@...onical.com>
Acked-by: Seth Arnold <seth.arnold@...onical.com>
Signed-off-by: Jiri Slaby <jslaby@...e.cz>
---
security/apparmor/domain.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/security/apparmor/domain.c b/security/apparmor/domain.c
index 0c23888b9816..a59766fe3b7a 100644
--- a/security/apparmor/domain.c
+++ b/security/apparmor/domain.c
@@ -437,7 +437,7 @@ int apparmor_bprm_set_creds(struct linux_binprm *bprm)
new_profile = aa_get_newest_profile(ns->unconfined);
info = "ux fallback";
} else {
- error = -ENOENT;
+ error = -EACCES;
info = "profile not found";
/* remove MAY_EXEC to audit as failure */
perms.allow &= ~MAY_EXEC;
--
2.11.0
Powered by blists - more mailing lists