git://git.onelab.eu / linux-2.6.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: b315c57)
- merge revision 1.5
authorMark Huang <mlhuang@cs.princeton.edu>
Tue, 30 Nov 2004 16:43:46 +0000 (16:43 +0000)
committerMark Huang <mlhuang@cs.princeton.edu>
Tue, 30 Nov 2004 16:43:46 +0000 (16:43 +0000)
date: 2004/11/23 15:15:05;  author: mlhuang;  state: Exp;  lines: +4 -0
PL3131 fix: prevent vservers from escaping chroot() barriers

fs/ext3/acl.c patch | blob | history

diff --git a/fs/ext3/acl.c b/fs/ext3/acl.c
index cc26948..e89cb30 100644 (file)
--- a/fs/ext3/acl.c
+++ b/fs/ext3/acl.c
@@ -11,6 +11,7 @@
 #include <linux/namei.h> 
 #include <linux/ext3_jbd.h>
 #include <linux/ext3_fs.h>
+#include <linux/vs_base.h>
 #include "xattr.h"
 #include "acl.h"
 
@@ -296,6 +297,9 @@ ext3_permission(struct inode *inode, int mask, struct nameidata *nd)
 {
        int mode = inode->i_mode;
 
+       /* Prevent vservers from escaping chroot() barriers */
+       if (IS_BARRIER(inode) && !vx_check(0, VX_ADMIN))
+               return -EACCES;
        /* Nobody gets write access to a read-only fs */
        if ((mask & MAY_WRITE) && (IS_RDONLY(inode) ||
            (nd && nd->mnt && MNT_IS_RDONLY(nd->mnt))) &&
linux-2.6