Unionfs: check for immutable files before read-only branches

Immutable files should never be allowed to be copied-up on write, even if
they're on read-only file systems or branches.

Signed-off-by: Erez Zadok <ezk@cs.sunysb.edu>

diff --git a/fs/unionfs/inode.c b/fs/unionfs/inode.c
index 53d373a13d854ec9129aeb33b27f8125f8a93cfe..c772fbd83407da497fd473477f61cfa5a14c8930 100644 (file)
--- a/fs/unionfs/inode.c
+++ b/fs/unionfs/inode.c
@@ -984,6 +984,11 @@ static int inode_permission(struct super_block *sb, struct inode *inode, int mas
                    IS_RDONLY(inode) &&
                    (S_ISREG(mode) || S_ISDIR(mode) || S_ISLNK(mode)))
                        return -EROFS;
+               /*
+                * Nobody gets write access to an immutable file.
+                */
+               if (IS_IMMUTABLE(inode))
+                       return -EACCES;
                /*
                 * For all other branches than the first one, we ignore
                 * EROFS or if the branch is mounted as readonly, to let
@@ -993,11 +998,6 @@ static int inode_permission(struct super_block *sb, struct inode *inode, int mas
                    is_robranch_super(sb, bindex) &&
                    (S_ISREG(mode) || S_ISDIR(mode) || S_ISLNK(mode)))
                        return 0;
-               /*
-                * Nobody gets write access to an immutable file.
-                */
-               if (IS_IMMUTABLE(inode))
-                       return -EACCES;
        }
 
        /* Ordinary permission routines do not understand MAY_APPEND. */