Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 9049a792 authored by John Johansen's avatar John Johansen
Browse files

apparmor: exec should not be returning ENOENT when it denies 



The current behavior is confusing as it causes exec failures to report
the executable is missing instead of identifying that apparmor
caused the failure.

Signed-off-by: default avatarJohn Johansen <john.johansen@canonical.com>
Acked-by: default avatarSeth Arnold <seth.arnold@canonical.com>
parent b6b1b81b

security/apparmor/domain.c

+1 −1
Original line number Diff line number Diff line
@@ -433,7 +433,7 @@ int apparmor_bprm_set_creds(struct linux_binprm *bprm) 
				new_profile = aa_get_newest_profile(ns->unconfined);

				info = "ux fallback";

			} else {

				error = -ENOENT;

				error = -EACCES;

				info = "profile not found";

				/* remove MAY_EXEC to audit as failure */

				perms.allow &= ~MAY_EXEC;