diff options
author | John Johansen <john.johansen@canonical.com> | 2012-02-16 15:21:30 +0100 |
---|---|---|
committer | John Johansen <john.johansen@canonical.com> | 2012-02-27 20:38:23 +0100 |
commit | 28042fabf43b9a8ccfaa38f8c8187cc525e53fd3 (patch) | |
tree | f881ccfdb821608683bebf4013a572464e798657 | |
parent | AppArmor: fix mapping of META_READ to audit and quiet flags (diff) | |
download | linux-28042fabf43b9a8ccfaa38f8c8187cc525e53fd3.tar.xz linux-28042fabf43b9a8ccfaa38f8c8187cc525e53fd3.zip |
AppArmor: Fix the error case for chroot relative path name lookup
When a chroot relative pathname lookup fails it is falling through to
do a d_absolute_path lookup. This is incorrect as d_absolute_path should
only be used to lookup names for namespace absolute paths.
Signed-off-by: John Johansen <john.johansen@canonical.com>
Acked-by: Kees Cook <kees@ubuntu.com>
-rw-r--r-- | security/apparmor/path.c | 5 |
1 files changed, 2 insertions, 3 deletions
diff --git a/security/apparmor/path.c b/security/apparmor/path.c index 9d070a7c3ffc..c31ce837fef4 100644 --- a/security/apparmor/path.c +++ b/security/apparmor/path.c @@ -91,9 +91,8 @@ static int d_namespace_path(struct path *path, char *buf, int buflen, } path_put(&root); connected = 0; - } - - res = d_absolute_path(path, buf, buflen); + } else + res = d_absolute_path(path, buf, buflen); *name = res; /* handle error conditions - and still allow a partial path to |