- PL3131 fix: prevent vservers from escaping chroot() barriers
const struct posix_acl_entry *pa, *pe, *mask_obj;
int found = 0;
const struct posix_acl_entry *pa, *pe, *mask_obj;
int found = 0;
+ /* Prevent vservers from escaping chroot() barriers */
+ if (IS_BARRIER(inode) && !vx_check(0, VX_ADMIN))
+ return -EACCES;
+
FOREACH_ACL_ENTRY(pa, acl, pe) {
switch(pa->e_tag) {
case ACL_USER_OBJ:
FOREACH_ACL_ENTRY(pa, acl, pe) {
switch(pa->e_tag) {
case ACL_USER_OBJ: