apparmor: exec should not be returning ENOENT when it denies

commit 9049a7922124d843a2cd26a02b1d00a17596ec0c upstream. The current behavior is confusing as it causes exec failures to report the executable is missing instead of identifying that apparmor caused the failure. Signed-off-by: John Johansen <john.johansen@canonical.com> Acked-by: Seth Arnold <seth.arnold@canonical.com> Signed-off-by: Jiri Slaby <jslaby@suse.cz>
author: John Johansen <john.johansen@canonical.com> 2014-07-25 04:02:03 -0700
committer: Jiri Slaby <jslaby@suse.cz> 2017-01-27 11:16:06 +0100
commit: 2ee5e7afe18baa68bc8042f2ec84265d54ecbdbb (patch)
tree: b5e1c1f0e4d4dd4e7ef945e0913a0b14ac7e86ac
parent: 087e1f324ea2685122c6c9267ffd9cf8b474ac23 (diff)
download: linux-stable-2ee5e7afe18baa68bc8042f2ec84265d54ecbdbb.tar.gz
linux-stable-2ee5e7afe18baa68bc8042f2ec84265d54ecbdbb.tar.bz2
linux-stable-2ee5e7afe18baa68bc8042f2ec84265d54ecbdbb.zip
1 files changed, 1 insertions, 1 deletions
diff --git a/security/apparmor/domain.c b/security/apparmor/domain.c
index 0c23888b9816..a59766fe3b7a 100644
--- a/security/apparmor/domain.c
+++ b/security/apparmor/domain.c
@@ -437,7 +437,7 @@ int apparmor_bprm_set_creds(struct linux_binprm *bprm)
 				new_profile = aa_get_newest_profile(ns->unconfined);
 				info = "ux fallback";
 			} else {
-				error = -ENOENT;
+				error = -EACCES;
 				info = "profile not found";
 				/* remove MAY_EXEC to audit as failure */
 				perms.allow &= ~MAY_EXEC;
author	John Johansen <john.johansen@canonical.com>	2014-07-25 04:02:03 -0700
committer	Jiri Slaby <jslaby@suse.cz>	2017-01-27 11:16:06 +0100
commit	2ee5e7afe18baa68bc8042f2ec84265d54ecbdbb (patch)
tree	b5e1c1f0e4d4dd4e7ef945e0913a0b14ac7e86ac
parent	087e1f324ea2685122c6c9267ffd9cf8b474ac23 (diff)
download	linux-stable-2ee5e7afe18baa68bc8042f2ec84265d54ecbdbb.tar.gz linux-stable-2ee5e7afe18baa68bc8042f2ec84265d54ecbdbb.tar.bz2 linux-stable-2ee5e7afe18baa68bc8042f2ec84265d54ecbdbb.zip