Correct error message when command doesn't exist in intercept mode.

Previously, we would always use EACCES, even when ENOENT was appropriate. This also affected log_subcmds.
2025-08-30 13:58:05 +00:00 · 2023-01-25 10:31:49 -07:00 · 2023-01-25 10:31:49 -07:00 · a32a54dced
commit a32a54dced
parent de021b60db
2 changed files with 6 additions and 3 deletions
--- a/src/exec_intercept.c
+++ b/src/exec_intercept.c
@ -407,7 +407,7 @@ intercept_check_policy(const char *command, int argc, char **argv, int envc,
     */
    if (stat(command, &sb) == -1) {
 	closure->errstr = NULL;
-	closure->state = POLICY_REJECT;
+	closure->state = POLICY_ERROR;
 	goto done;
    }

--- a/src/exec_ptrace.c
+++ b/src/exec_ptrace.c
@ -1920,9 +1920,12 @@ ptrace_intercept_execve(pid_t pid, struct intercept_closure *closure)
 	    }
 	}
 	break;
-    default:
+    case POLICY_REJECT:
 	/* If rejected, fake the syscall and set return to EACCES */
-	ptrace_fail_syscall(pid, &regs, EACCES);
+	errno = EACCES;
+	FALLTHROUGH;
+    default:
+	ptrace_fail_syscall(pid, &regs, errno);
 	break;
    }