mirror of
https://gitlab.com/apparmor/apparmor.git
synced 2025-03-04 16:35:02 +01:00
22 lines
632 B
Diff
22 lines
632 B
Diff
There is no need to go throught the whole state machine for unreachable
|
|
dentries; they will never match.
|
|
|
|
Index: b/security/apparmor/main.c
|
|
===================================================================
|
|
--- a/security/apparmor/main.c
|
|
+++ b/security/apparmor/main.c
|
|
@@ -172,6 +172,14 @@ static char *aa_get_name(struct dentry *
|
|
|
|
name = d_namespace_path(dentry, mnt, buf, size);
|
|
if (!IS_ERR(name)) {
|
|
+ if (name[0] != '/') {
|
|
+ /*
|
|
+ * This dentry is not connected to the
|
|
+ * namespace root -- reject access.
|
|
+ */
|
|
+ kfree(buf);
|
|
+ return ERR_PTR(-ENOENT);
|
|
+ }
|
|
*buffer = buf;
|
|
return name;
|
|
}
|