When a chroot relative pathname lookup fails it is falling through to do a d_absolute_path lookup. This is incorrect as d_absolute_path should only be used to lookup names for namespace absolute paths.
Signed-off-by: John Johansen <john.johan...@canonical.com> --- security/apparmor/path.c | 5 ++--- 1 files changed, 2 insertions(+), 3 deletions(-) diff --git a/security/apparmor/path.c b/security/apparmor/path.c index b566eba..70b09bb 100644 --- a/security/apparmor/path.c +++ b/security/apparmor/path.c @@ -92,9 +92,8 @@ static int d_namespace_path(struct path *path, char *buf, int buflen, } path_put(&root); connected = 0; - } - - res = d_absolute_path(path, buf, buflen); + } else + res = d_absolute_path(path, buf, buflen); *name = res; /* handle error conditions - and still allow a partial path to -- 1.7.9 -- AppArmor mailing list AppArmor@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor