[PATCH] openat2: reject RESOLVE_BENEATH|RESOLVE_IN_ROOT
Aleksa Sarai
cyphar at cyphar.com
Tue Oct 27 23:39:41 UTC 2020
On 2020-10-27, Shuah Khan <skhan at linuxfoundation.org> wrote:
> On 10/7/20 4:36 AM, Aleksa Sarai wrote:
> > This was an oversight in the original implementation, as it makes no
> > sense to specify both scoping flags to the same openat2(2) invocation
> > (before this patch, the result of such an invocation was equivalent to
> > RESOLVE_IN_ROOT being ignored).
> >
> > This is a userspace-visible ABI change, but the only user of openat2(2)
> > at the moment is LXC which doesn't specify both flags and so no
> > userspace programs will break as a result.
> >
> > Cc: <stable at vger.kernel.org> # v5.6+
> > Fixes: fddb5d430ad9 ("open: introduce openat2(2) syscall")
> > Acked-by: Christian Brauner <christian.brauner at ubuntu.com>
> > Signed-off-by: Aleksa Sarai <cyphar at cyphar.com>
> > ---
> > fs/open.c | 4 +++
> > tools/testing/selftests/openat2/openat2_test.c | 8 +++++++-
>
> You are combining fs change with selftest change.
>
> Is there a reason why these two changes are combined?
> 2 separate patches is better.
Not really, I'll split it into two patches.
--
Aleksa Sarai
Senior Software Engineer (Containers)
SUSE Linux GmbH
<https://www.cyphar.com/>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 228 bytes
Desc: not available
URL: <http://lists.linuxfoundation.org/pipermail/containers/attachments/20201028/615ffb3a/attachment.sig>
More information about the Containers
mailing list