From 83989be027341a1add3c12f2e3690ee1032beba1 Mon Sep 17 00:00:00 2001
From: Paul Moore <paul@paul-moore.com>
Date: Thu, 2 Apr 2020 20:37:32 -0400
Subject: api: use EACCESS over EPERM

This is part of our error code cleanup and API promise.

Acked-by: Tom Hromatka <tom.hromatka@oracle.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
---
 src/api.c                     | 4 ++--
 tests/11-basic-basic_errors.c | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/api.c b/src/api.c
index 837d020..77dc290 100644
--- a/src/api.c
+++ b/src/api.c
@@ -449,7 +449,7 @@ API int seccomp_rule_add_array(scmp_filter_ctx ctx,
 	if (rc < 0)
 		return rc;
 	if (action == col->attr.act_default)
-		return -EPERM;
+		return -EACCES;
 
 	return db_col_rule_add(col, 0, action, syscall, arg_cnt, arg_array);
 }
@@ -498,7 +498,7 @@ API int seccomp_rule_add_exact_array(scmp_filter_ctx ctx,
 	if (rc < 0)
 		return rc;
 	if (action == col->attr.act_default)
-		return -EPERM;
+		return -EACCES;
 
 	if (col->filter_cnt > 1)
 		return -EOPNOTSUPP;
diff --git a/tests/11-basic-basic_errors.c b/tests/11-basic-basic_errors.c
index ddd9e38..a41b7b5 100644
--- a/tests/11-basic-basic_errors.c
+++ b/tests/11-basic-basic_errors.c
@@ -81,7 +81,7 @@ int main(int argc, char *argv[])
 		return -1;
 	else {
 		rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(read), 0);
-		if (rc != -EPERM)
+		if (rc != -EACCES)
 			return -1;
 		rc = seccomp_rule_add(ctx, SCMP_ACT_KILL - 1, SCMP_SYS(read), 0);
 		if (rc != -EINVAL)
-- 
cgit v1.2.1