From mboxrd@z Thu Jan 1 00:00:00 1970 From: David Drysdale Subject: [PATCH 0/3] fs: add O_BENEATH flag to openat(2) Date: Mon, 3 Nov 2014 11:48:22 +0000 Message-ID: <1415015305-15494-1-git-send-email-drysdale@google.com> Return-path: Sender: linux-api-owner-u79uwXL29TY76Z2rM5mHXA@public.gmane.org To: linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org, Alexander Viro , Kees Cook Cc: Greg Kroah-Hartman , Meredydd Luff , Will Drewry , Jorge Lucangeli Obes , Ricky Zhou , Lee Campbell , Julien Tinnes , Mike Depinet , James Morris , Andy Lutomirski , Paolo Bonzini , Paul Moore , Christoph Hellwig , "Eric W. Biederman" , linux-api-u79uwXL29TY76Z2rM5mHXA@public.gmane.org, linux-security-module-u79uwXL29TY76Z2rM5mHXA@public.gmane.org, David Drysdale List-Id: linux-api@vger.kernel.org This change adds a new O_BENEATH flag for openat(2) which restricts the provided path, rejecting (with -EACCES) paths that are not beneath the provided dfd. This change was previously included as part of a larger patchset (https://lkml.org/lkml/2014/7/25/426) for Capsicum support; however, it is potentially useful as an independent change so I've pulled it out separately here. In particular, various folks from Chrome[OS] have indicated an interest in having this functionality. Changes since the version included in the Capsicum v2 patchset: - Add tests of normal symlinks - Fix man-page typo - Update patch to 3.17 Changes from v1 to v2 of Capsicum patchset: - renamed O_BENEATH_ONLY to O_BENEATH [Christoph Hellwig] David Drysdale (2): fs: add O_BENEATH flag to openat(2) selftests: Add test of O_BENEATH & openat(2) arch/alpha/include/uapi/asm/fcntl.h | 1 + arch/parisc/include/uapi/asm/fcntl.h | 1 + arch/sparc/include/uapi/asm/fcntl.h | 1 + fs/fcntl.c | 5 +- fs/namei.c | 43 ++++++--- fs/open.c | 4 +- include/linux/namei.h | 1 + include/uapi/asm-generic/fcntl.h | 4 + tools/testing/selftests/Makefile | 1 + tools/testing/selftests/openat/.gitignore | 3 + tools/testing/selftests/openat/Makefile | 24 +++++ tools/testing/selftests/openat/openat.c | 149 ++++++++++++++++++++++++++++++ 12 files changed, 220 insertions(+), 17 deletions(-) create mode 100644 tools/testing/selftests/openat/.gitignore create mode 100644 tools/testing/selftests/openat/Makefile create mode 100644 tools/testing/selftests/openat/openat.c -- 2.1.0.rc2.206.gedb03e5