apparmor: exec should not be returning ENOENT when it denies

commit 9049a792 upstream. The current behavior is confusing as it causes exec failures to report the executable is missing instead of identifying that apparmor caused the failure. Signed-off-by: John Johansen <john.johansen@canonical.com> Acked-by: Seth Arnold <seth.arnold@canonical.com> Signed-off-by: Jiri Slaby <jslaby@suse.cz>

apparmor: exec should not be returning ENOENT when it denies
commit 9049a792 upstream. The current behavior is confusing as it causes exec failures to report the executable is missing instead of identifying that apparmor caused the failure. Signed-off-by: John Johansen <john.johansen@canonical.com> Acked-by: Seth Arnold <seth.arnold@canonical.com> Signed-off-by: Jiri Slaby <jslaby@suse.cz>
2ee5e7af · John Johansen · Jiri Slaby · 087e1f32 · 2ee5e7af
Commit 2ee5e7af authored Jul 25, 2014 by John Johansen Committed by Jiri Slaby Jan 27, 2017
Hide whitespace changes
Inline Side-by-side

Showing with 1 addition and 1 deletion

security/apparmor/domain.c security/apparmor/domain.c +1 -1

No files found.
--- a/security/apparmor/domain.c
+++ b/security/apparmor/domain.c
@@ -437,7 +437,7 @@ int apparmor_bprm_set_creds(struct linux_binprm *bprm)
 				new_profile = aa_get_newest_profile(ns->unconfined);
 				info = "ux fallback";
 			} else {
-				error = -ENOENT;
+				error = -EACCES;
 				info = "profile not found";
 				/* remove MAY_EXEC to audit as failure */
 				perms.allow &= ~MAY_EXEC;