AppArmor: Fix the error case for chroot relative path name lookup

When a chroot relative pathname lookup fails it is falling through to
do a d_absolute_path lookup.  This is incorrect as d_absolute_path should
only be used to lookup names for namespace absolute paths.

Signed-off-by: John Johansen <john.johansen@canonical.com>
Acked-by: Kees Cook <kees@ubuntu.com>

diff --git a/security/apparmor/path.c b/security/apparmor/path.c
index 9d070a7c3ffcecd43bfc7fced2ee56ce852f5e3d..c31ce837fef4204fdc6cc18846c28e4a63921db3 100644 (file)
--- a/security/apparmor/path.c
+++ b/security/apparmor/path.c
@@ -91,9 +91,8 @@ static int d_namespace_path(struct path *path, char *buf, int buflen,
                }
                path_put(&root);
                connected = 0;
-       }
-
-       res = d_absolute_path(path, buf, buflen);
+       } else
+               res = d_absolute_path(path, buf, buflen);
 
        *name = res;
        /* handle error conditions - and still allow a partial path to