[apparmor] PATCH [3/6] - allow error= field to return negative error codes
John Johansen
john.johansen at canonical.com
Fri Sep 10 01:21:34 BST 2010
On 09/09/2010 05:07 PM, Steve Beattie wrote:
> Sigh, one last question:
>
> On Thu, Sep 09, 2010 at 08:36:32AM -0700, John Johansen wrote:
>> The kernel can return negative error codes for error=
>>
>> Index: libapparmor/src/grammar.y
>> ===================================================================
>> --- libapparmor.orig/src/grammar.y 2010-09-09 07:56:50.534193401 -0700
>> +++ libapparmor/src/grammar.y 2010-09-09 07:59:37.364193121 -0700
>> @@ -92,6 +92,7 @@
>>
>> %token TOK_EQUALS
>> %token TOK_COLON
>> +%token TOK_MINUS
>> %token TOK_OPEN_PAREN
>> %token TOK_CLOSE_PAREN
>> %token TOK_PERIOD
>> @@ -434,6 +435,8 @@
>> { ret_record->event = lookup_aa_event($3);}
>> | TOK_KEY_ERROR TOK_EQUALS TOK_DIGITS
>> { ret_record->error_code = $3;}
>> + | TOK_KEY_ERROR TOK_EQUALS TOK_MINUS TOK_DIGITS
>> + { ret_record->error_code = $4;}
>
> The result of this is that it ends up returning just the numeric
> component of the error code in the error_code field. Is that intended,
> or should it include the negative sign?
>
> (It's unclear to me what these negative values are here, though I do see
> the change_hat error values being returned.)
>
yeah it was intentional, the kernels errno value which is always negative. We used to drop the negative sign kernel side.
More information about the AppArmor
mailing list