summaryrefslogtreecommitdiff
path: root/security/tomoyo/domain.c
diff options
context:
space:
mode:
Diffstat (limited to 'security/tomoyo/domain.c')
-rw-r--r--security/tomoyo/domain.c20
1 files changed, 15 insertions, 5 deletions
diff --git a/security/tomoyo/domain.c b/security/tomoyo/domain.c
index 90b53500a236..5f9ccab26e9a 100644
--- a/security/tomoyo/domain.c
+++ b/security/tomoyo/domain.c
@@ -722,11 +722,21 @@ int tomoyo_find_next_domain(struct linux_binprm *bprm)
ee->bprm = bprm;
ee->r.obj = &ee->obj;
ee->obj.path1 = bprm->file->f_path;
- /* Get symlink's pathname of program. */
- retval = -ENOENT;
+ /*
+ * Get symlink's pathname of program, but fallback to realpath if
+ * symlink's pathname does not exist or symlink's pathname refers
+ * to proc filesystem (e.g. /dev/fd/<num> or /proc/self/fd/<num> ).
+ */
exename.name = tomoyo_realpath_nofollow(original_name);
- if (!exename.name)
- goto out;
+ if (exename.name && !strncmp(exename.name, "proc:/", 6)) {
+ kfree(exename.name);
+ exename.name = NULL;
+ }
+ if (!exename.name) {
+ exename.name = tomoyo_realpath_from_path(&bprm->file->f_path);
+ if (!exename.name)
+ goto out;
+ }
tomoyo_fill_path_info(&exename);
retry:
/* Check 'aggregator' directive. */
@@ -910,7 +920,7 @@ bool tomoyo_dump_page(struct linux_binprm *bprm, unsigned long pos,
#ifdef CONFIG_MMU
/*
* This is called at execve() time in order to dig around
- * in the argv/environment of the new proceess
+ * in the argv/environment of the new process
* (represented by bprm).
*/
mmap_read_lock(bprm->mm);
generated by cgit (git 2.34.1) at 2025-07-23 06:44:40 +0000