From fbba8d89acea5d628d1d076b1d8962db438ff832 Mon Sep 17 00:00:00 2001 From: John Johansen Date: Thu, 16 Feb 2012 06:28:50 -0800 Subject: [PATCH] AppArmor: Retrieve the dentry_path for error reporting when path lookup fails When __d_path and d_absolute_path fail due to the name being outside of the current namespace no name is reported. Use dentry_path to provide some hint as to which file was being accessed. Signed-off-by: John Johansen Acked-by: Kees Cook --- security/apparmor/path.c | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-) diff --git a/security/apparmor/path.c b/security/apparmor/path.c index 3dd605c69970..8c90fd0f49c5 100644 --- a/security/apparmor/path.c +++ b/security/apparmor/path.c @@ -94,18 +94,21 @@ static int d_namespace_path(struct path *path, char *buf, int buflen, } else res = d_absolute_path(path, buf, buflen); - *name = res; /* handle error conditions - and still allow a partial path to * be returned. */ if (IS_ERR(res)) { - error = PTR_ERR(res); - *name = buf; - goto out; - } - if (!our_mnt(path->mnt)) + res = dentry_path_raw(path->dentry, buf, buflen); + if (IS_ERR(res)) { + error = PTR_ERR(res); + *name = buf; + goto out; + }; + } else if (!our_mnt(path->mnt)) connected = 0; + *name = res; + ok: /* Handle two cases: * 1. A deleted dentry && profile is not allowing mediation of deleted