
Implement O_BENEATH flag for openat(2).

Authored by jonathan on Jun 14 2015, 4:23 PM.

Capsicum restricts capability-mode and capability-relative path lookups
to be "strictly relative": we do not permit absolute paths or ".." in
path resolution for these cases. This functionality could be useful in
non-Capsicum applications as well, and it has been proposed for inclusion
in Linux as a step along the way to Capsicum in Linux.

This commit would add the O_BENEATH flag for use in openat(2) to enable
"strict relative" lookups with unrestricted file descriptors (i.e., not
Capsicum capabilities) outside of capability mode. The only difference
from the Capsicum behaviour is that O_BENEATH would cause errno to be
EPERM rather than ECAPMODE or ENOTCAPABLE. If O_BENEATH is used together
with capability mode or a directory capability, EPERM is returned, since
the usermode application has explicitly requested the new behaviour.

Approved by: rwatson (mentor)
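
A userspace sketch of the "strictly relative" rule described above, added here as an example; it is not code from this revision or from FreeBSD. The helper name open_beneath() and its policy of refusing every symlink via O_NOFOLLOW are assumptions made for the sketch, and the real check belongs in the kernel's path lookup.

```c
/* Added example: userspace approximation of a "strictly relative" lookup. */
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <errno.h>
#include <fcntl.h>
#include <limits.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/*
 * open_beneath() is a hypothetical helper, not code from the FreeBSD patch.
 * It opens `path` relative to `dirfd` one component at a time and fails with
 * EPERM on an absolute path or a ".." component, the two cases the commit
 * message names. Assumption: every component is opened with O_NOFOLLOW, so
 * symlinks are refused outright, a restriction the commit does not state.
 */
int open_beneath(int dirfd, const char *path, int flags, mode_t mode)
{
    char comp[NAME_MAX + 1];
    int cur = dirfd, fd = -1, saved;

    if (path[0] == '/') { errno = EPERM; return -1; }
    if (path[0] == '\0') { errno = ENOENT; return -1; }

    for (const char *p = path, *rest; *p != '\0'; p = rest) {
        size_t len = strcspn(p, "/");
        rest = p + len + strspn(p + len, "/");     /* skip repeated '/' */
        int last = (*rest == '\0');

        if (len > NAME_MAX) {
            errno = ENAMETOOLONG; fd = -1;
        } else {
            memcpy(comp, p, len);
            comp[len] = '\0';
            if (strcmp(comp, "..") == 0) {
                errno = EPERM; fd = -1;            /* would climb above dirfd */
            } else {
                fd = openat(cur, comp, last ? (flags | O_NOFOLLOW) :
                    (O_RDONLY | O_DIRECTORY | O_NOFOLLOW | O_CLOEXEC), mode);
            }
        }
        saved = errno;
        if (cur != dirfd) close(cur);              /* never close caller's fd */
        errno = saved;
        if (fd < 0 || last) return fd;
        cur = fd;
    }
    return fd;
}
```

Walking the path with one openat(2) per component keeps each step anchored to an already-open directory descriptor, so a concurrent rename cannot turn a checked prefix into a different location between the check and the open.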

Diff Detail

Lint Passed
No Test Coverage

Event Timeline

jonathan retitled this revision from to Implement O_BENEATH flag for openat(2)..
jonathan updated this object.
jonathan edited the test plan for this revision.

User error: I meant to type arc diff --update D2808