AppArmor: Fix error returned when a path lookup is disconnected
John Johansen [Sat, 10 Mar 2012 19:19:51 +0000 (11:19 -0800)]
The returning of -ESATLE when a path lookup fails as disconnected is wrong.
Since AppArmor is rejecting the access return -EACCES instead.

This also fixes a bug in complain (learning) mode where disconnected paths
are denied because -ESTALE errors are not ignored causing failures that
can change application behavior.

Signed-off-by: John Johansen <john.johansen@canonical.com>

security/apparmor/path.c

index c31ce83..3dd605c 100644 (file)
@@ -137,7 +137,7 @@ ok:
                        /* disconnected path, don't return pathname starting
                         * with '/'
                         */
-                       error = -ESTALE;
+                       error = -EACCES;
                        if (*res == '/')
                                *name = res + 1;
                }