diff options
author | John Johansen <john.johansen@canonical.com> | 2012-02-16 09:28:50 -0500 |
---|---|---|
committer | John Johansen <john.johansen@canonical.com> | 2012-03-14 09:15:22 -0400 |
commit | fbba8d89acea5d628d1d076b1d8962db438ff832 (patch) | |
tree | 1e3a27cb78369676de62f8587d84d281224df1ff /security | |
parent | 33e521acff709d275950ec5bf8dd577d873cd61e (diff) |
AppArmor: Retrieve the dentry_path for error reporting when path lookup fails
When __d_path and d_absolute_path fail due to the name being outside of
the current namespace no name is reported. Use dentry_path to provide
some hint as to which file was being accessed.
Signed-off-by: John Johansen <john.johansen@canonical.com>
Acked-by: Kees Cook <kees@ubuntu.com>
Diffstat (limited to 'security')
-rw-r--r-- | security/apparmor/path.c | 15 |
1 files changed, 9 insertions, 6 deletions
diff --git a/security/apparmor/path.c b/security/apparmor/path.c index 3dd605c69970..8c90fd0f49c5 100644 --- a/security/apparmor/path.c +++ b/security/apparmor/path.c | |||
@@ -94,18 +94,21 @@ static int d_namespace_path(struct path *path, char *buf, int buflen, | |||
94 | } else | 94 | } else |
95 | res = d_absolute_path(path, buf, buflen); | 95 | res = d_absolute_path(path, buf, buflen); |
96 | 96 | ||
97 | *name = res; | ||
98 | /* handle error conditions - and still allow a partial path to | 97 | /* handle error conditions - and still allow a partial path to |
99 | * be returned. | 98 | * be returned. |
100 | */ | 99 | */ |
101 | if (IS_ERR(res)) { | 100 | if (IS_ERR(res)) { |
102 | error = PTR_ERR(res); | 101 | res = dentry_path_raw(path->dentry, buf, buflen); |
103 | *name = buf; | 102 | if (IS_ERR(res)) { |
104 | goto out; | 103 | error = PTR_ERR(res); |
105 | } | 104 | *name = buf; |
106 | if (!our_mnt(path->mnt)) | 105 | goto out; |
106 | }; | ||
107 | } else if (!our_mnt(path->mnt)) | ||
107 | connected = 0; | 108 | connected = 0; |
108 | 109 | ||
110 | *name = res; | ||
111 | |||
109 | ok: | 112 | ok: |
110 | /* Handle two cases: | 113 | /* Handle two cases: |
111 | * 1. A deleted dentry && profile is not allowing mediation of deleted | 114 | * 1. A deleted dentry && profile is not allowing mediation of deleted |