On Tue, Mar 30, 2021 at 08:08:45AM +0200, Ricardo Ribalda wrote:
> ima_file_mprotect does not return EACCES but EPERM.
>
> Signed-off-by: Ricardo Ribalda <ribalda@xxxxxxxxxxxx>
Acked-by: Jarkko Sakkinen <jarkko@xxxxxxxxxx>
/Jarkko
> ---
> security/integrity/ima/ima_main.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c
> index 9ef748ea829f..716ea29cf897 100644
> --- a/security/integrity/ima/ima_main.c
> +++ b/security/integrity/ima/ima_main.c
> @@ -409,7 +409,7 @@ int ima_file_mmap(struct file *file, unsigned long prot)
> * this point. Eliminate this integrity gap by denying the mprotect
> * PROT_EXECUTE change, if an mmap appraise policy rule exists.
> *
> - * On mprotect change success, return 0. On failure, return -EACESS.
> + * On mprotect change success, return 0. On failure, return -EPERM.
> */
> int ima_file_mprotect(struct vm_area_struct *vma, unsigned long prot)
> {
> --
> 2.31.0.291.g576ba9dcdaf-goog
>
>
