AppArmor: Fix error returned when a path lookup is disconnected

The returning of -ESATLE when a path lookup fails as disconnected is wrong.
Since AppArmor is rejecting the access return -EACCES instead.

This also fixes a bug in complain (learning) mode where disconnected paths
are denied because -ESTALE errors are not ignored causing failures that
can change application behavior.

Signed-off-by: John Johansen <john.johansen@canonical.com>

diff --git a/security/apparmor/path.c b/security/apparmor/path.c
index c31ce837fef4204fdc6cc18846c28e4a63921db3..3dd605c69970abd40ce92fbee5ad3615a966a6d5 100644 (file)
--- a/security/apparmor/path.c
+++ b/security/apparmor/path.c
@@ -137,7 +137,7 @@ ok:
                        /* disconnected path, don't return pathname starting
                         * with '/'
                         */
-                       error = -ESTALE;
+                       error = -EACCES;
                        if (*res == '/')
                                *name = res + 1;
                }