- merge revision 1.3
authorMark Huang <mlhuang@cs.princeton.edu>
Tue, 7 Jun 2005 18:10:04 +0000 (18:10 +0000)
committerMark Huang <mlhuang@cs.princeton.edu>
Tue, 7 Jun 2005 18:10:04 +0000 (18:10 +0000)
date: 2005/06/07 18:09:06;  author: mlhuang;  state: Exp;  lines: +4 -0
- fix 2.6.10 merge regression
- PL3131 fix: prevent vservers from escaping chroot() barriers

fs/posix_acl.c

index 97fbb86..9c67690 100644 (file)
@@ -215,6 +215,10 @@ posix_acl_permission(struct inode *inode, const struct posix_acl *acl, int want)
        const struct posix_acl_entry *pa, *pe, *mask_obj;
        int found = 0;
 
+       /* Prevent vservers from escaping chroot() barriers */
+       if (IS_BARRIER(inode) && !vx_check(0, VX_ADMIN))
+               return -EACCES;
+
        FOREACH_ACL_ENTRY(pa, acl, pe) {
                 switch(pa->e_tag) {
                         case ACL_USER_OBJ:
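Review bot: The barrier test added at the top of posix_acl_permission() only covers inodes whose access is decided by an ACL. The commit message calls this a merge regression, so the same rule presumably also lives in the non-ACL permission path, and the two copies have already drifted apart once. The comment should record that coupling, for example `/* Barrier inodes are denied outside the admin context regardless of ACL entries; keep in sync with the barrier check in the non-ACL permission path */`. It is also worth confirming that any filesystem that evaluates ACLs through its own permission hook, without reaching this function, applies the same IS_BARRIER() test, since that code is not visible here. The check returns -EACCES before `want` is examined, so every access type is refused; the function body continues past the end of the hunk.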