Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit fbba8d89 authored by John Johansen's avatar John Johansen
Browse files

AppArmor: Retrieve the dentry_path for error reporting when path lookup fails 



When __d_path and d_absolute_path fail due to the name being outside of
the current namespace no name is reported.  Use dentry_path to provide
some hint as to which file was being accessed.

Signed-off-by: default avatarJohn Johansen <john.johansen@canonical.com>
Acked-by: default avatarKees Cook <kees@ubuntu.com>
parent 33e521ac

security/apparmor/path.c

+9 −6
Original line number Original line Diff line number Diff line
@@ -94,18 +94,21 @@ static int d_namespace_path(struct path *path, char *buf, int buflen, 
	} else

	} else

		res = d_absolute_path(path, buf, buflen);

		res = d_absolute_path(path, buf, buflen);





	*name = res;

	/* handle error conditions - and still allow a partial path to

	/* handle error conditions - and still allow a partial path to

	 * be returned.

	 * be returned.

	 */

	 */

	if (IS_ERR(res)) {

		res = dentry_path_raw(path->dentry, buf, buflen);

		if (IS_ERR(res)) {

		if (IS_ERR(res)) {

			error = PTR_ERR(res);

			error = PTR_ERR(res);

			*name = buf;

			*name = buf;

			goto out;

			goto out;

	}

		};

	if (!our_mnt(path->mnt))

	} else if (!our_mnt(path->mnt))

		connected = 0;

		connected = 0;





	*name = res;



ok:

ok:

	/* Handle two cases:

	/* Handle two cases:

	 * 1. A deleted dentry && profile is not allowing mediation of deleted

	 * 1. A deleted dentry && profile is not allowing mediation of deleted