Correct error message when command doesn't exist in intercept mode.

Previously, we would always use EACCES, even when ENOENT was
appropriate.  This also affected log_subcmds.

src/exec_intercept.c

@@ -407,7 +407,7 @@ intercept_check_policy(const char *command, int argc, char **argv, int envc,
      */
     if (stat(command, &sb) == -1) {
 	closure->errstr = NULL;
-	closure->state = POLICY_REJECT;
+	closure->state = POLICY_ERROR;
 	goto done;
     }
 

src/exec_ptrace.c

@@ -1920,9 +1920,12 @@ ptrace_intercept_execve(pid_t pid, struct intercept_closure *closure)
 	    }
 	}
 	break;
-    default:
+    case POLICY_REJECT:
 	/* If rejected, fake the syscall and set return to EACCES */
-	ptrace_fail_syscall(pid, &regs, EACCES);
+	errno = EACCES;
+	FALLTHROUGH;
+    default:
+	ptrace_fail_syscall(pid, &regs, errno);
 	break;
     }