apparmor: exec should not be returning ENOENT when it denies The current behavior is confusing as it causes exec failures to report the executable is missing instead of identifying that apparmor caused the failure. Signed-off-by: John Johansen <john.johansen@canonical.com> Acked-by: Seth Arnold <seth.arnold@canonical.com>

commit: 9049a7922124d843a2cd26a02b1d00a17596ec0c [log] [tgz]
author: John Johansen <john.johansen@canonical.com> Fri Jul 25 04:02:03 2014 -0700
committer: John Johansen <john.johansen@canonical.com> Tue Jul 12 08:43:10 2016 -0700
tree: 34ca85c85a78a21003149619dc3c5074bf8afc33
parent: b6b1b81b3afba922505b57f4c812bba022f7c4a9 [diff]
diff --git a/security/apparmor/domain.c b/security/apparmor/domain.c
index dc0027b..67a7418 100644
--- a/security/apparmor/domain.c
+++ b/security/apparmor/domain.c

@@ -433,7 +433,7 @@
 				new_profile = aa_get_newest_profile(ns->unconfined);
 				info = "ux fallback";
 			} else {
-				error = -ENOENT;
+				error = -EACCES;
 				info = "profile not found";
 				/* remove MAY_EXEC to audit as failure */
 				perms.allow &= ~MAY_EXEC;
commit	9049a7922124d843a2cd26a02b1d00a17596ec0c	[log] [tgz]
author	John Johansen <john.johansen@canonical.com>	Fri Jul 25 04:02:03 2014 -0700
committer	John Johansen <john.johansen@canonical.com>	Tue Jul 12 08:43:10 2016 -0700
tree	34ca85c85a78a21003149619dc3c5074bf8afc33
parent	b6b1b81b3afba922505b57f4c812bba022f7c4a9 [diff]