AppArmor: Retrieve the dentry_path for error reporting when path lookup fails
John Johansen [Thu, 16 Feb 2012 14:28:50 +0000 (06:28 -0800)]
When __d_path and d_absolute_path fail due to the name being outside of
the current namespace no name is reported.  Use dentry_path to provide
some hint as to which file was being accessed.

Signed-off-by: John Johansen <john.johansen@canonical.com>
Acked-by: Kees Cook <kees@ubuntu.com>

security/apparmor/path.c

index 3dd605c..8c90fd0 100644 (file)
@@ -94,18 +94,21 @@ static int d_namespace_path(struct path *path, char *buf, int buflen,
        } else
                res = d_absolute_path(path, buf, buflen);
 
-       *name = res;
        /* handle error conditions - and still allow a partial path to
         * be returned.
         */
        if (IS_ERR(res)) {
-               error = PTR_ERR(res);
-               *name = buf;
-               goto out;
-       }
-       if (!our_mnt(path->mnt))
+               res = dentry_path_raw(path->dentry, buf, buflen);
+               if (IS_ERR(res)) {
+                       error = PTR_ERR(res);
+                       *name = buf;
+                       goto out;
+               };
+       } else if (!our_mnt(path->mnt))
                connected = 0;
 
+       *name = res;
+
 ok:
        /* Handle two cases:
         * 1. A deleted dentry && profile is not allowing mediation of deleted