[apparmor] [PATCH 04/16] apparmor: exec should not be returning ENOENT when it denies
Seth Arnold
seth.arnold at canonical.com
Wed Apr 27 22:56:46 UTC 2016
On Wed, Apr 20, 2016 at 11:52:46PM -0700, John Johansen wrote:
> The current behavior is confusing as it causes exec failures to report
> the executable is missing instead of identifying that apparmor
> caused the failure.
>
> Signed-off-by: John Johansen <john.johansen at canonical.com>
Acked-by: Seth Arnold <seth.arnold at canonical.com>
Thanks
> ---
> security/apparmor/domain.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/security/apparmor/domain.c b/security/apparmor/domain.c
> index dc0027b..67a7418 100644
> --- a/security/apparmor/domain.c
> +++ b/security/apparmor/domain.c
> @@ -433,7 +433,7 @@ int apparmor_bprm_set_creds(struct linux_binprm *bprm)
> new_profile = aa_get_newest_profile(ns->unconfined);
> info = "ux fallback";
> } else {
> - error = -ENOENT;
> + error = -EACCES;
> info = "profile not found";
> /* remove MAY_EXEC to audit as failure */
> perms.allow &= ~MAY_EXEC;
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 473 bytes
Desc: Digital signature
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20160427/bfc5bd71/attachment.pgp>
More information about the AppArmor
mailing list