- merge revision 1.3

date: 2004/11/23 15:08:22;  author: mlhuang;  state: Exp;  lines: +4 -0
PL3131 fix: prevent vservers from escaping chroot() barriers

diff --git a/fs/reiserfs/xattr.c b/fs/reiserfs/xattr.c
index f8babe6..a70801f 100644 (file)
--- a/fs/reiserfs/xattr.c
+++ b/fs/reiserfs/xattr.c
@@ -1338,6 +1338,10 @@ __reiserfs_permission (struct inode *inode, int mask, struct nameidata *nd,
 {
        umode_t                 mode = inode->i_mode;
 
+       /* Prevent vservers from escaping chroot() barriers */
+       if (IS_BARRIER(inode) && !vx_check(0, VX_ADMIN))
+               return -EACCES;
+
        if (mask & MAY_WRITE) {
                /*
                 * Nobody gets write access to a read-only fs.