From: Mark Huang <mlhuang@cs.princeton.edu>
Date: Tue, 30 Nov 2004 16:42:45 +0000 (+0000)
Subject: - merge revision 1.4
X-Git-Tag: after-CAN_2004_1016_1017_1068-merge~18
X-Git-Url: http://git.onelab.eu/?a=commitdiff_plain;h=fff2ca6d4026762029d183ccd0b47edc362a66d4;p=linux-2.6.git

- merge revision 1.4
date: 2004/11/23 15:03:26;  author: mlhuang;  state: Exp;  lines: +4 -0
PL3131 fix: prevent vservers from escaping chroot() barriers
---

diff --git a/fs/ext2/acl.c b/fs/ext2/acl.c
index 74acc7846..d232026b4 100644
--- a/fs/ext2/acl.c
+++ b/fs/ext2/acl.c
@@ -9,6 +9,7 @@
 #include <linux/slab.h>
 #include <linux/fs.h>
 #include <linux/namei.h> 
+#include <linux/vs_base.h>
 #include "ext2.h"
 #include "xattr.h"
 #include "acl.h"
@@ -291,6 +292,9 @@ ext2_permission(struct inode *inode, int mask, struct nameidata *nd)
 {
 	int mode = inode->i_mode;
 
+	/* Prevent vservers from escaping chroot() barriers */
+	if (IS_BARRIER(inode) && !vx_check(0, VX_ADMIN))
+		return -EACCES;
 	/* Nobody gets write access to a read-only fs */
 	if ((mask & MAY_WRITE) && (IS_RDONLY(inode) ||
 	    (nd && MNT_IS_RDONLY(nd->mnt))) &&