[PATCHv3 0/3] fs: add O_BENEATH flag to openat(2)

From: David Drysdale
Date: Mon Mar 09 2015 - 10:01:18 EST


This change adds a new O_BENEATH flag for openat(2) which restricts the
provided path, rejecting (with -EPERM) paths that are not beneath
the provided dfd.

This change was originally included as part of a larger patchset
(https://lkml.org/lkml/2014/7/25/426) for Capsicum support; however, it
is potentially useful as an independent change so I've pulled it out
separately here.

In particular, various folks from Chrome[OS] have indicated an interest
in having this functionality -- when combined with a seccomp filter it
allows a directory to be accessed by a sandboxed process.


Changes since v2:
- Move tests into xfstests [Dave Chinner, with thanks for feedback
on initial version]
- Merge up to v4.0-rc3 & latest man-pages

Changes since v1:
- Don't needlessly duplicate flags [Al Viro]
- Use EPERM rather than EACCES as error code [Paolo Bonzini]
- Disallow nd_jump_link for O_BENEATH [Al Viro/Andy Lutomirski]
- Add test of a jumped symlink (/proc/self/root)

Changes since the version included in the Capsicum v2 patchset:
- Add tests of normal symlinks
- Fix man-page typo
- Update patch to 3.17

Changes from v1 to v2 of Capsicum patchset:
- renamed O_BENEATH_ONLY to O_BENEATH [Christoph Hellwig]


David Drysdale (1):
fs: add O_BENEATH flag to openat(2)

arch/alpha/include/uapi/asm/fcntl.h | 1 +
arch/parisc/include/uapi/asm/fcntl.h | 1 +
arch/sparc/include/uapi/asm/fcntl.h | 1 +
fs/fcntl.c | 4 ++--
fs/namei.c | 21 ++++++++++++++++++---
fs/open.c | 4 +++-
fs/proc/base.c | 4 +++-
fs/proc/namespaces.c | 8 ++++++--
include/linux/namei.h | 3 ++-
include/uapi/asm-generic/fcntl.h | 4 ++++
10 files changed, 41 insertions(+), 10 deletions(-)

--
2.2.0.rc0.207.ga3a616c
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/