apparmor: fix disconnected bind mnts reconnection

commit f2e561d190da7ff5ee265fa460e2d7f753dddfda upstream.

Bind mounts can fail to be properly reconnected when PATH_CONNECT is
specified. Ensure that when PATH_CONNECT is specified the path has
a root.

BugLink: http://bugs.launchpad.net/bugs/1319984
Signed-off-by: John Johansen <john.johansen@canonical.com>
Acked-by: Seth Arnold <seth.arnold@canonical.com>
Signed-off-by: Jiri Slaby <jslaby@suse.cz>
Signed-off-by: Willy Tarreau <w@1wt.eu>

diff --git a/security/apparmor/path.c b/security/apparmor/path.c
index e91ffee80162832414fc3222b12624bb0abb46e6..ebc7780926b82cce26f42e3d74f14a77d0d946a0 100644 (file)
--- a/security/apparmor/path.c
+++ b/security/apparmor/path.c
@@ -141,7 +141,10 @@ static int d_namespace_path(struct path *path, char *buf, int buflen,
                        error = -EACCES;
                        if (*res == '/')
                                *name = res + 1;
-               }
+               } else if (*res != '/')
+                       /* CONNECT_PATH with missing root */
+                       error = prepend(name, *name - buf, "/", 1);
+
        }
 
 out: