apparmor: exec should not be returning ENOENT when it denies

commit 9049a7922124d843a2cd26a02b1d00a17596ec0c upstream. The current behavior is confusing as it causes exec failures to report the executable is missing instead of identifying that apparmor caused the failure. Signed-off-by: John Johansen <john.johansen@canonical.com> Acked-by: Seth Arnold <seth.arnold@canonical.com> Signed-off-by: Jiri Slaby <jslaby@suse.cz> Signed-off-by: Willy Tarreau <w@1wt.eu>
author: John Johansen <john.johansen@canonical.com> 2014-07-25 04:02:03 -0700
committer: Mister Oyster <oysterized@gmail.com> 2017-07-04 11:51:25 +0200
commit: f26dac94b400205a1ed473ef704ba1062b8bdece (patch)
tree: 6cc5ed142a3af0bdeb3477796ff891b5eaed08e0 /security/apparmor
parent: 1766ebea1af4faf3a347e01e01fd33ffb81dc77f (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/security/apparmor/domain.c b/security/apparmor/domain.c
index 9aaa4e72c..15d172e39 100644
--- a/security/apparmor/domain.c
+++ b/security/apparmor/domain.c
@@ -441,7 +441,7 @@ int apparmor_bprm_set_creds(struct linux_binprm *bprm)
 				new_profile = aa_get_profile(ns->unconfined);
 				info = "ux fallback";
 			} else {
-				error = -ENOENT;
+				error = -EACCES;
 				info = "profile not found";
 			}
 		}
author	John Johansen <john.johansen@canonical.com>	2014-07-25 04:02:03 -0700
committer	Mister Oyster <oysterized@gmail.com>	2017-07-04 11:51:25 +0200
commit	f26dac94b400205a1ed473ef704ba1062b8bdece (patch)
tree	6cc5ed142a3af0bdeb3477796ff891b5eaed08e0 /security/apparmor
parent	1766ebea1af4faf3a347e01e01fd33ffb81dc77f (diff)