mirror of
https://github.com/opnsense/src.git
synced 2026-06-11 01:30:30 -04:00
The O_RESOLVE_BENEATH openat(2) flag restricts name lookups such that
they remain under the directory referenced by the dirfd. This commit
introduces an implicit version of the flag, FD_RESOLVE_BENEATH, stored
in the file descriptor entry. When the flag is set, any lookup relative
to that fd automatically has O_RESOLVE_BENEATH semantics. Furthermore,
the flag is sticky, meaning that it cannot be cleared, and it is copied
by dup() and openat().

File descriptors with FD_RESOLVE_BENEATH set may not be passed to
fchdir(2) or fchroot(2). Various fd lookup routines are modified to
return fd flags to the caller.

This flag will be used to address a case where jails with different root
directories and the ability to pass SCM_RIGHTS messages across the jail
boundary can transfer directory fds in such a way as to allow a
filesystem escape.

Approved by: so
PR: 262180
Reviewed by: kib
MFC after: 3 weeks
Differential Revision: https://reviews.freebsd.org/D50371
(cherry picked from commit

| Name | | |
|---|---|---|
| autofs | ||
| cd9660 | ||
| cuse | ||
| deadfs | ||
| devfs | ||
| ext2fs | ||
| fdescfs | ||
| fifofs | ||
| fuse | ||
| mntfs | ||
| msdosfs | ||
| nfs | ||
| nfsclient | ||
| nfsserver | ||
| nullfs | ||
| p9fs | ||
| procfs | ||
| pseudofs | ||
| smbfs | ||
| tarfs | ||
| tmpfs | ||
| udf | ||
| unionfs | ||