date: 2004/11/23 15:15:05; author: mlhuang; state: Exp; lines: +4 -0
PL3131 fix: prevent vservers from escaping chroot() barriers
#include <linux/namei.h>
#include <linux/ext3_jbd.h>
#include <linux/ext3_fs.h>
+#include <linux/vs_base.h>
#include "xattr.h"
#include "acl.h"
{
int mode = inode->i_mode;
+ /* Prevent vservers from escaping chroot() barriers */
+ if (IS_BARRIER(inode) && !vx_check(0, VX_ADMIN))
+ return -EACCES;
/* Nobody gets write access to a read-only fs */
if ((mask & MAY_WRITE) && (IS_RDONLY(inode) ||
(nd && nd->mnt && MNT_IS_RDONLY(nd->mnt))) &&