From 0ccae21b22f7ced19865d2ad4a94fbfdf50244cd Mon Sep 17 00:00:00 2001 From: dann frazier Date: Fri, 6 Apr 2007 19:24:02 +0000 Subject: [PATCH] * bugfix/all/vserver/net-mount-fix.patch Fix mounting of network filesystems with VX_BINARY_MOUNT caps (closes: #418076) svn path=/dists/etch/linux-2.6/; revision=8424 --- debian/changelog | 5 ++++- .../patches/bugfix/all/vserver/net-mount-fix.patch | 12 ++++++++++++ debian/patches/series/13-extra | 1 + 3 files changed, 17 insertions(+), 1 deletion(-) create mode 100644 debian/patches/bugfix/all/vserver/net-mount-fix.patch diff --git a/debian/changelog b/debian/changelog index d1112f2db..1e5a57bda 100644 --- a/debian/changelog +++ b/debian/changelog @@ -17,8 +17,11 @@ linux-2.6 (2.6.18.dfsg.1-13) UNRELEASED; urgency=low [SECURITY] Fix a vulnerability that allows local users to read otherwise unreadable (but executable) files by triggering a core dump. See CVE-2007-0958 + * bugfix/all/vserver/net-mount-fix.patch + Fix mounting of network filesystems with VX_BINARY_MOUNT caps + (closes: #418076) - -- dann frazier Wed, 04 Apr 2007 01:38:23 -0600 + -- dann frazier Fri, 06 Apr 2007 13:16:08 -0600 linux-2.6 (2.6.18.dfsg.1-12) unstable; urgency=low diff --git a/debian/patches/bugfix/all/vserver/net-mount-fix.patch b/debian/patches/bugfix/all/vserver/net-mount-fix.patch new file mode 100644 index 000000000..7c0a9d803 --- /dev/null +++ b/debian/patches/bugfix/all/vserver/net-mount-fix.patch 
@@ -0,0 +1,12 @@
+diff -NurpP --minimal linux-2.6.18.5-vs2.0.2.2-rc9/fs/super.c linux-2.6.18.5-vs2.0.3-rc1/fs/super.c
+--- linux-2.6.18.5-vs2.0.2.2-rc9/fs/super.c 2006-09-20 17:59:47 +0200
++++ linux-2.6.18.5-vs2.0.3-rc1/fs/super.c 2006-12-13 23:06:16 +0100
+@@ -848,7 +848,7 @@ vfs_kern_mount(struct file_system_type *
+
+ sb = mnt->mnt_sb;
+ error = -EPERM;
+- if (!capable(CAP_SYS_ADMIN) && !sb->s_bdev &&
++ if (!vx_capable(CAP_SYS_ADMIN, VXC_BINARY_MOUNT) && !sb->s_bdev &&
+ (sb->s_magic != PROC_SUPER_MAGIC) &&
+ (sb->s_magic != DEVPTS_SUPER_MAGIC))
+ goto out_sb;
diff --git a/debian/patches/series/13-extra b/debian/patches/series/13-extra
index 752fcac9c..942a0b0d0 100644
--- a/debian/patches/series/13-extra
+++ b/debian/patches/series/13-extra
@@ -1,2 +1,3 @@
 + bugfix/all/vserver/cacct-overflow.patch *_vserver *_xen-vserver
 + bugfix/all/vserver/locks.patch *_vserver *_xen-vserver
++ bugfix/all/vserver/net-mount-fix.patch *_vserver *_xen-vserver
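Review bot: The rewritten test in `vfs_kern_mount` (`if (!vx_capable(CAP_SYS_ADMIN, VXC_BINARY_MOUNT) && !sb->s_bdev && ...`) gates every superblock without a backing block device except proc and devpts, so the context capability admits more than the network filesystems the patch title names, and nothing on the new side records that. A comment above the test would make the trust decision reviewable, for example `/* non-bdev mounts other than proc/devpts need CAP_SYS_ADMIN or the VXC_BINARY_MOUNT context capability */`. `vx_capable()` is defined outside this hunk, so what it requires besides the context flag could not be checked here and should be confirmed before the flag is granted to a context. The changelog entry spells the flag `VX_BINARY_MOUNT` while the code uses `VXC_BINARY_MOUNT`, which will mislead anyone searching for it. The body of `vfs_kern_mount` starts and ends outside the hunk.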