From 9a22a93d991adb7fe8f2dad00486cd74e51753ca Mon Sep 17 00:00:00 2001
From: Mark Huang <mlhuang@cs.princeton.edu>
Date: Tue, 30 Nov 2004 16:43:46 +0000
Subject: [PATCH] - merge revision 1.5 date: 2004/11/23 15:15:05;  author:
 mlhuang;  state: Exp;  lines: +4 -0 PL3131 fix: prevent vservers from
 escaping chroot() barriers

---
 fs/ext3/acl.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/fs/ext3/acl.c b/fs/ext3/acl.c
index cc26948d5..e89cb306c 100644
--- a/fs/ext3/acl.c
+++ b/fs/ext3/acl.c
@@ -11,6 +11,7 @@
 #include <linux/namei.h> 
 #include <linux/ext3_jbd.h>
 #include <linux/ext3_fs.h>
+#include <linux/vs_base.h>
 #include "xattr.h"
 #include "acl.h"
 
@@ -296,6 +297,9 @@ ext3_permission(struct inode *inode, int mask, struct nameidata *nd)
 {
 	int mode = inode->i_mode;
 
+	/* Prevent vservers from escaping chroot() barriers */
+	if (IS_BARRIER(inode) && !vx_check(0, VX_ADMIN))
+		return -EACCES;
 	/* Nobody gets write access to a read-only fs */
 	if ((mask & MAY_WRITE) && (IS_RDONLY(inode) ||
 	    (nd && nd->mnt && MNT_IS_RDONLY(nd->mnt))) &&
-- 
2.47.0