Sorry - this was vs1.26. I changed my fs/ext3/ioctl.c like this:
--- fs/ext3/ioctl.c.orig 2004-05-14 18:56:21.000000000 -0400 +++ fs/ext3/ioctl.c 2004-05-14 18:44:22.000000000 -0400 @@ -47,6 +47,10 @@ /* The JOURNAL_DATA flag is modifiable only by root */ jflag = flags & EXT3_JOURNAL_DATA_FL; + /* Immutable files cannot be changed */ + if (oldflags & flags & EXT3_IMMUTABLE_FILE_FL) + return -EPERM; + /* * The IMMUTABLE_* and APPEND_ONLY flags can only be changed * by the relevant capability. This seems to give the "expected" behaviour. I think the fix for ext2 is identical, and I didn't look at reiserfs or any other filesystem. Anyway, hopefully this is at list a little bit helpful :-) Grisha On Fri, 14 May 2004, Herbert Poetzl wrote: > On Fri, May 14, 2004 at 05:12:34PM -0400, Gregory (Grisha) Trubetskoy wrote: > > > > It looks like the attributes that do not require CAP_LINUX_IMMUTABLE (i.e. > > anything except IMMUTABLE_[FILE|LINK]FL and APPEND_FL) can by modified by > > root from within a vserver: > > > > ]# vserver grisha enter > > ipv4root is now 192.168.1.33 > > New security context is 10033 > > [EMAIL PROTECTED]:grisha /]lsattr /bin/ls > > ----i------t- /bin/ls > > [EMAIL PROTECTED]:grisha /]chattr +d /bin/ls > > [EMAIL PROTECTED]:grisha /]lsattr /bin/ls > > ----i-d----t- /bin/ls > > > > I'm not sure this is workng "as expected". It seems that an immutable file > > should be immutable including attribute changes. This doesn't seem like a > > yep, should not be allowed ... > at least not on 'unified' files (i.e. with immutable set) > > please, always include some basic system information > like kernel version, patch version, etc ... > > TIA, > Herbert > > > VServer, but rather a general Linux problem, but I wonder if the VServer > > patches should insist that immutability includes flag changing. > > > > Grisha > > _______________________________________________ > > Vserver mailing list > > [EMAIL PROTECTED] > > http://list.linux-vserver.org/mailman/listinfo/vserver > _______________________________________________ Vserver mailing list [EMAIL PROTECTED] http://list.linux-vserver.org/mailman/listinfo/vserver