diff options
author | John Johansen <john.johansen@canonical.com> | 2012-02-16 06:21:30 -0800 |
---|---|---|
committer | John Johansen <john.johansen@canonical.com> | 2012-02-27 11:38:23 -0800 |
commit | 28042fabf43b9a8ccfaa38f8c8187cc525e53fd3 (patch) | |
tree | f881ccfdb821608683bebf4013a572464e798657 /security | |
parent | 38305a4bab4be5d278443b057f7f5e97afb07f26 (diff) | |
download | op-kernel-dev-28042fabf43b9a8ccfaa38f8c8187cc525e53fd3.zip op-kernel-dev-28042fabf43b9a8ccfaa38f8c8187cc525e53fd3.tar.gz |
AppArmor: Fix the error case for chroot relative path name lookup
When a chroot relative pathname lookup fails it is falling through to
do a d_absolute_path lookup. This is incorrect as d_absolute_path should
only be used to lookup names for namespace absolute paths.
Signed-off-by: John Johansen <john.johansen@canonical.com>
Acked-by: Kees Cook <kees@ubuntu.com>
Diffstat (limited to 'security')
-rw-r--r-- | security/apparmor/path.c | 5 |
1 files changed, 2 insertions, 3 deletions
diff --git a/security/apparmor/path.c b/security/apparmor/path.c index 9d070a7..c31ce83 100644 --- a/security/apparmor/path.c +++ b/security/apparmor/path.c @@ -91,9 +91,8 @@ static int d_namespace_path(struct path *path, char *buf, int buflen, } path_put(&root); connected = 0; - } - - res = d_absolute_path(path, buf, buflen); + } else + res = d_absolute_path(path, buf, buflen); *name = res; /* handle error conditions - and still allow a partial path to |