apparmor: fix disconnected bind mnts reconnection

commit f2e561d190da7ff5ee265fa460e2d7f753dddfda upstream.

Bind mounts can fail to be properly reconnected when PATH_CONNECT is
specified. Ensure that when PATH_CONNECT is specified the path has
a root.

BugLink: http://bugs.launchpad.net/bugs/1319984
Signed-off-by: John Johansen <john.johansen@canonical.com>
Acked-by: Seth Arnold <seth.arnold@canonical.com>
Signed-off-by: Jiri Slaby <jslaby@suse.cz>

diff --git a/security/apparmor/path.c b/security/apparmor/path.c
index 35b394a75d762dd6a4e935f3ffe1d5b4566a2885..0f232e5cd18cf6f75af2282bec955b8e156d9cf1 100644 (file)
--- a/security/apparmor/path.c
+++ b/security/apparmor/path.c
@@ -141,7 +141,10 @@ static int d_namespace_path(struct path *path, char *buf, int buflen,
                        error = -EACCES;
                        if (*res == '/')
                                *name = res + 1;
-               }
+               } else if (*res != '/')
+                       /* CONNECT_PATH with missing root */
+                       error = prepend(name, *name - buf, "/", 1);
+
        }
 
 out: