Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1754044AbdFSSi4 (ORCPT + 2 others); Mon, 19 Jun 2017 14:38:56 -0400 Received: from wtarreau.pck.nerim.net ([62.212.114.60]:52667 "EHLO 1wt.eu" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1753992AbdFSSiv (ORCPT ); Mon, 19 Jun 2017 14:38:51 -0400 From: Willy Tarreau To: linux-kernel@vger.kernel.org, stable@vger.kernel.org, linux@roeck-us.net Cc: John Johansen , Jiri Slaby , Willy Tarreau Subject: [PATCH 3.10 113/268] apparmor: exec should not be returning ENOENT when it denies Date: Mon, 19 Jun 2017 20:30:12 +0200 Message-Id: <1497897167-14556-114-git-send-email-w@1wt.eu> X-Mailer: git-send-email 2.8.0.rc2.1.gbe9624a In-Reply-To: <1497897167-14556-1-git-send-email-w@1wt.eu> References: <1497897167-14556-1-git-send-email-w@1wt.eu> Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Return-Path: From: John Johansen commit 9049a7922124d843a2cd26a02b1d00a17596ec0c upstream. The current behavior is confusing as it causes exec failures to report the executable is missing instead of identifying that apparmor caused the failure. Signed-off-by: John Johansen Acked-by: Seth Arnold Signed-off-by: Jiri Slaby Signed-off-by: Willy Tarreau --- security/apparmor/domain.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/security/apparmor/domain.c b/security/apparmor/domain.c index 859abda..8405a04 100644 --- a/security/apparmor/domain.c +++ b/security/apparmor/domain.c @@ -441,7 +441,7 @@ int apparmor_bprm_set_creds(struct linux_binprm *bprm) new_profile = aa_get_profile(ns->unconfined); info = "ux fallback"; } else { - error = -ENOENT; + error = -EACCES; info = "profile not found"; } } -- 2.8.0.rc2.1.gbe9624a