From: John Johansen <john.johansen@canonical.com>
To: linux-kernel@vger.kernel.org
Cc: linux-security-module@vger.kernel.org
Subject: [PATCH 1/7] AppArmor: Retrieve the dentry_path for error reporting when path lookup fails
Date: Mon, 27 Feb 2012 14:23:11 -0800
Message-Id: <1330381397-5352-2-git-send-email-john.johansen@canonical.com>
In-Reply-To: <1330381397-5352-1-git-send-email-john.johansen@canonical.com>
References: <1330381397-5352-1-git-send-email-john.johansen@canonical.com>
Sender: linux-kernel-owner@vger.kernel.org
Content-Length: 1471
Lines: 50

When __d_path and d_absolute_path fail due to the name being outside of
the current namespace no name is reported.  Use dentry_path to provide
some hint as to which file was being accessed.

Signed-off-by: John Johansen <john.johansen@canonical.com>
Acked-by: Kees Cook <kees@ubuntu.com>
---
 security/apparmor/path.c |   15 +++++++++------
 1 files changed, 9 insertions(+), 6 deletions(-)

diff --git a/security/apparmor/path.c b/security/apparmor/path.c
index c31ce83..b3cf4cd 100644
--- a/security/apparmor/path.c
+++ b/security/apparmor/path.c
@@ -94,18 +94,21 @@ static int d_namespace_path(struct path *path, char *buf, int buflen,
 	} else
 		res = d_absolute_path(path, buf, buflen);
 
-	*name = res;
 	/* handle error conditions - and still allow a partial path to
 	 * be returned.
 	 */
 	if (IS_ERR(res)) {
-		error = PTR_ERR(res);
-		*name = buf;
-		goto out;
-	}
-	if (!our_mnt(path->mnt))
+		res = dentry_path_raw(path->dentry, buf, buflen);
+		if (IS_ERR(res)) {
+			error = PTR_ERR(res);
+			*name = buf;
+			goto out;
+		};
+	} else if (!our_mnt(path->mnt))
 		connected = 0;
 
+	*name = res;
+
 ok:
 	/* Handle two cases:
 	 * 1. A deleted dentry && profile is not allowing mediation of deleted
-- 
1.7.9

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/