From: Mark Huang <mlhuang@cs.princeton.edu>
Date: Tue, 30 Nov 2004 16:44:52 +0000 (+0000)
Subject: - merge revision 1.3
X-Git-Tag: after-CAN_2004_1016_1017_1068-merge~12
X-Git-Url: http://git.onelab.eu/?a=commitdiff_plain;h=e380c15760025510dca5d8ef9948858ccc7cba87;p=linux-2.6.git

- merge revision 1.3
date: 2004/11/23 15:08:22;  author: mlhuang;  state: Exp;  lines: +4 -0
PL3131 fix: prevent vservers from escaping chroot() barriers
---

diff --git a/fs/reiserfs/xattr.c b/fs/reiserfs/xattr.c
index f8babe603..a70801f35 100644
--- a/fs/reiserfs/xattr.c
+++ b/fs/reiserfs/xattr.c
@@ -1338,6 +1338,10 @@ __reiserfs_permission (struct inode *inode, int mask, struct nameidata *nd,
 {
 	umode_t			mode = inode->i_mode;
 
+	/* Prevent vservers from escaping chroot() barriers */
+	if (IS_BARRIER(inode) && !vx_check(0, VX_ADMIN))
+		return -EACCES;
+
 	if (mask & MAY_WRITE) {
 		/*
 		 * Nobody gets write access to a read-only fs.