From: Mark Huang <mlhuang@cs.princeton.edu>
Date: Tue, 23 Nov 2004 14:26:45 +0000 (+0000)
Subject: change chroot() escape fix to setting the barrier bit rather than the immulink bit... 
X-Git-Tag: after-util-vserver-0_30_208-revert~201
X-Git-Url: http://git.onelab.eu/?p=util-vserver.git;a=commitdiff_plain;h=9b596875128e54eac037ef6ece178e1765030015

change chroot() escape fix to setting the barrier bit rather than the immulink bit, which has changed and is now not even settable by chattr anymore anyway
---

diff --git a/util-vserver.spec b/util-vserver.spec
index b3c44fa..cbb4b5b 100644
--- a/util-vserver.spec
+++ b/util-vserver.spec
@@ -7,8 +7,6 @@ Packager: PlanetLab Central <support@planet-lab.org>
 Distribution: PlanetLab 3.0
 URL: http://cvs.planet-lab.org/cvs/util-vserver
 
-%define __chattr	/usr/bin/chattr
-
 Summary:	Linux virtual server utilities
 Name:		%{name}
 Version:	%{version}
@@ -23,7 +21,6 @@ Provides:	vserver = %epoch:%version-%release
 Conflicts:	vserver < %epoch:%version-%release
 Conflicts:	vserver > %epoch:%version-%release
 BuildRequires:	e2fsprogs-devel
-Requires(post):	%__chattr
 
 %package linuxconf
 Summary:	Linuxconf administration modules for vservers
@@ -99,8 +96,8 @@ chkconfig --del vcached
 if [ ! -f /etc/shells ] || ! grep -q '^/bin/vsh$' /etc/shells ; then
     echo /bin/vsh >> /etc/shells
 fi
-# make sure immutable bit is set on /vservers for safety
-%__chattr +t /vservers || :
+# make sure barrier bit is set on /vservers to prevent chroot() escapes
+%_libdir/%name/setattr --barrier /vservers
 
 %postun
 # 0 = erase, 1 = upgrade
diff --git a/util-vserver.spec.in b/util-vserver.spec.in
index 77198bf..fcece17 100644
--- a/util-vserver.spec.in
+++ b/util-vserver.spec.in
@@ -7,8 +7,6 @@ Packager: PlanetLab Central <support@planet-lab.org>
 Distribution: PlanetLab 3.0
 URL: http://cvs.planet-lab.org/cvs/util-vserver
 
-%define __chattr	/usr/bin/chattr
-
 Summary:	Linux virtual server utilities
 Name:		%{name}
 Version:	%{version}
@@ -23,7 +21,6 @@ Provides:	vserver = %epoch:%version-%release
 Conflicts:	vserver < %epoch:%version-%release
 Conflicts:	vserver > %epoch:%version-%release
 BuildRequires:	e2fsprogs-devel
-Requires(post):	%__chattr
 
 %package linuxconf
 Summary:	Linuxconf administration modules for vservers
@@ -99,8 +96,8 @@ chkconfig --del vcached
 if [ ! -f /etc/shells ] || ! grep -q '^/bin/vsh$' /etc/shells ; then
     echo /bin/vsh >> /etc/shells
 fi
-# make sure immutable bit is set on /vservers for safety
-%__chattr +t /vservers || :
+# make sure barrier bit is set on /vservers to prevent chroot() escapes
+%_libdir/%name/setattr --barrier /vservers
 
 %postun
 # 0 = erase, 1 = upgrade