diff options
| author | John Johansen <john.johansen@canonical.com> | 2014-07-25 04:02:03 -0700 |
|---|---|---|
| committer | Mister Oyster <oysterized@gmail.com> | 2017-07-04 11:51:25 +0200 |
| commit | f26dac94b400205a1ed473ef704ba1062b8bdece (patch) | |
| tree | 6cc5ed142a3af0bdeb3477796ff891b5eaed08e0 | |
| parent | 1766ebea1af4faf3a347e01e01fd33ffb81dc77f (diff) | |
apparmor: exec should not be returning ENOENT when it denies
commit 9049a7922124d843a2cd26a02b1d00a17596ec0c upstream.
The current behavior is confusing as it causes exec failures to report
the executable is missing instead of identifying that apparmor
caused the failure.
Signed-off-by: John Johansen <john.johansen@canonical.com>
Acked-by: Seth Arnold <seth.arnold@canonical.com>
Signed-off-by: Jiri Slaby <jslaby@suse.cz>
Signed-off-by: Willy Tarreau <w@1wt.eu>
| -rw-r--r-- | security/apparmor/domain.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/security/apparmor/domain.c b/security/apparmor/domain.c index 9aaa4e72c..15d172e39 100644 --- a/security/apparmor/domain.c +++ b/security/apparmor/domain.c @@ -441,7 +441,7 @@ int apparmor_bprm_set_creds(struct linux_binprm *bprm) new_profile = aa_get_profile(ns->unconfined); info = "ux fallback"; } else { - error = -ENOENT; + error = -EACCES; info = "profile not found"; } } |