mir/apparmor
2
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor synced 2025-08-22 10:07:12 +00:00
Code Issues Releases Wiki Activity

aa-exec: Clarify ENOENT and EACCES errors when changing profiles

Browse Source 
The aa-exec tool was indicating, in an error message, that a profile
didn't exist in cases where aa_change_profile() failed with errno set to
ENOENT or EACCES. However, the EACCES error means that changing to the
target profile is not allowed. This patch fixes the error message in the
cause of EACCES:

 $ ./aa-exec -p dne -- true
 aa-exec: ERROR: profile 'dne' does not exist

 $ ./aa-exec -p /usr/sbin/tcpdump -- ./aa-exec -p unconfined -- true
 aa-exec: ERROR: insufficient permissions to change to the profile 'unconfined'

Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
This commit is contained in:
Tyler Hicks 2018-05-31 17:32:39 +00:00
parent 652dac0cec
commit 95286bb9e7
1 changed files with 4 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
binutils/aa_exec.c
View File

@ -201,9 +201,12 @@ int main(int argc, char **argv)
}
if (rc) {
if (errno == ENOENT || errno == EACCES) {
if (errno == ENOENT) {
error("%s '%s' does not exist",
opt_profile ? "profile" : "namespace", name);
} else if (errno == EACCES) {
error("insufficient permissions to change to the %s '%s'",
opt_profile ? "profile" : "namespace", name);
} else if (errno == EINVAL) {
error("AppArmor interface not available");
} else {