authorJohn Johansen <john.johansen@canonical.com>2014-07-25 04:02:03 -0700
committerJohn Johansen <john.johansen@canonical.com>2016-07-12 08:43:10 -0700
commit9049a7922124d843a2cd26a02b1d00a17596ec0c (patch)
tree34ca85c85a78a21003149619dc3c5074bf8afc33
parentb6b1b81b3afba922505b57f4c812bba022f7c4a9 (diff)
apparmor: exec should not be returning ENOENT when it denies
The current behavior is confusing as it causes exec failures to report the executable is missing instead of identifying that apparmor caused the failure. Signed-off-by: John Johansen <john.johansen@canonical.com> Acked-by: Seth Arnold <seth.arnold@canonical.com>
-rw-r--r--security/apparmor/domain.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/security/apparmor/domain.c b/security/apparmor/domain.c
index dc0027b28b04..67a7418937a5 100644
--- a/security/apparmor/domain.c
+++ b/security/apparmor/domain.c
@@ -433,7 +433,7 @@ int apparmor_bprm_set_creds(struct linux_binprm *bprm)
new_profile = aa_get_newest_profile(ns->unconfined);
info = "ux fallback";
} else {
- error = -ENOENT;
+ error = -EACCES;
info = "profile not found";
/* remove MAY_EXEC to audit as failure */
perms.allow &= ~MAY_EXEC;
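Review bot: The new `error = -EACCES;` in the profile-not-found branch has no comment saying why a missing transition target is reported as a permission failure, so a later reader could plausibly "correct" it back to -ENOENT. I would add a comment above the assignment, for example `/* target profile missing: report a policy denial, not a missing executable */`. If other exec denials in this function also return -EACCES (not visible in this hunk), the `info = "profile not found"` string becomes the only field that separates this case in the audit record. Log parsing or detection rules that matched the old errno for this event would then need to key on the info text instead. apparmor_bprm_set_creds begins and ends outside the hunk, so how `error` and `info` reach the audit call cannot be confirmed from here.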